Kaboozu CMS Shell Upload

2015.10.19
Credit: KnocKout
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

.__ _____ _______ | |__ / | |___ __\ _ \_______ ____ | | \ / | |\ \/ / /_\ \_ __ \_/ __ \ | Y \/ ^ /> <\ \_/ \ | \/\ ___/ |___| /\____ |/__/\_ \\_____ /__| \___ > \/ |__| \/ \/ \/ _____________________________ / _____/\_ _____/\_ ___ \ \_____ \ | __)_ / \ \/ http://h4x0resec.blogspot.com / \ | \\ \____ /_______ //_______ / \______ / => 1 Kas?mda oylar MHP'ye, ona gre.. <= \/ \/ \/ Kaboozu CMS x.x.x - Remote Shell Upload Vulnerability (0day) ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Discovered by: KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://h4x0resec.blogspot.com - http://milw00rm.com [~] Greetz: BARCOD3, ZoRLu, b3mb4m, _UnDeRTaKeR_, Septemb0x, KedAns-Dz, Turksec( TurkGuvenligi ) ############################################################ ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : Kaboozu CMS |~Affected Version : 6.0.0 and all version |~Official : http://www.kaboozu.dk/ |~RISK : High |~DORK : N/A |~Tested On : [L] Kali Linux [R] ######################################################## Tested on; www.klimadan.dk www.mormorshjem.dk www.promidt.dk www.oh-industri.dk www.ungherning.dk www.isenvad-badminton-klub.dk www.stensbjerg-totalbyg.dk www.baboonwire.com www.www.ankerhost.dk www.birk-ikast.dk www.deviso.dk www.dovista.com www.oen.dk www.mea-cor.dk ---------------------------------------------------------- INFO ------------------------------------------------------- Step1: Go to Target: [URL]/kaboozu/tools/kcfinder/browse.php?type=media Step2: Go to the "Banner" directory (You can install malicious code. CoDer jerks are just "php" They put filters, Something happens that they forget PHP5 supports most Linux servers the name of the shell file if you do it this way this would be easily upload ".php5" ) Step3 : sample file name for bypass "h4x0re.jpeg.php5" and it upload ! Step4 : the uploaded file on the server will be here [URL]/custom/media/Banner/h4x0re.jpg.php5 ----------------------------------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top