21 lines
No EOL
843 B
Text
21 lines
No EOL
843 B
Text
#
|
|
# Title : Nova CMS Directory Travel
|
|
# Author : Red Security TEAM
|
|
# Date : 21/01/2012
|
|
# Download : http://www.nova-cms.com/uploads/files/novacms.zip
|
|
# Tested On : CentOS
|
|
# Dork : Copyright ©2005-2011 by Nova CMS.
|
|
# Contact : Info [ 4t ] RedSecurity [ d0t ] COM
|
|
# Home : http://RedSecurity.COM
|
|
#
|
|
# Exploit :
|
|
#
|
|
# 1. Register
|
|
# 2. Go to forum and click on "NEW TOPIC"
|
|
# 3. In the above tab in editor click on last picture "Attach File"
|
|
# 4. Start Live HTTP headers
|
|
# 5. Add a new allowed file
|
|
# 6. Find dir=uploads%2Fforum%2Fdata-YourUsername2F&options=true&ajax=true and click on Reply on Live HTTP headers
|
|
# 7. Change to dir=uploads%2F , dir=uploads%2Fbackup%2F
|
|
# 8. You can't back to directory before uploads directory but you can see all directory in uploads example another users files and uploads/backup/ ;):D
|
|
# |