Softpedia SiteXS CMS 0.1.1 Arbitrary File Upload Vulnerability

2008-06-02 00:00:00

###############################################################
#
# SiteXS CMS Remote File Upload Vulnerability
#
###############################################################
#
# Discovered by : Ciph3r
#
#
# E-Mail : [email protected]
#
################################################################
#
#
# CMS: sitexs-0.1.1 CMS ( All Version Vulnerable )
#
# Download CMS : http://dfn.dl.sourceforge.net/sourceforge/sitexs/sitexs-0.1.1.tar.gz
#
# Sp TANX4 : google.com ; milw0rm.com ; sourceforge.net
#
# SP TANX2 : Iranian hacker & Kurdish Security TEAM
#
# You Must turn on :
# register_globals = On
# register_long_arrays=on
#
#
################################################################

Upload the shell :

http://localhost/[sitexs]/adm/visual/upload.php


you for use this exploit . you must your shell file exists in exploit directory
then excute exploit you find your shell in below link

www.example.com/[sitexs]/images/1.gif.php
www.example.com/[sitexs]/images/[shell][.php]

:d

#

Fixes

No fixes

In order to submit a new fix you need to be registered.