Vendor: GoopleCMS
By: x0r - Evolution Team
CVSS: 7.5 (HIGH)
Vulnerability: Arbitrary File Upload
CWE: 434
Product Name: GoopleCMS
Affected Version From: Goople Cms 1.7
Affected Version To: Goople Cms 1.7
Patch Exists: NO
Related CWE: N/A
CPE: GoopleCMS
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Arbitrary File Upload

Log in as a normal user, then go to /win/content/upload.php and upload a PHP shell; afterwards go to /user/doc/shell.php.

Mitigation:

Ensure that the application is configured to only allow uploads of files with the appropriate MIME type and that the application validates the contents of the uploaded file.
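
One way to implement the checks described above in a PHP upload handler, as an added example that is not GoopleCMS code or part of the original advisory; the form field, the allowlist, the size limit and the storage path are assumptions.

```php
<?php
// Added example: not GoopleCMS code. Field name, allowlist and paths are assumptions.

// Allowed content types mapped to the extension the server will assign.
const ALLOWED_TYPES = [
    'image/png'       => 'png',
    'image/jpeg'      => 'jpg',
    'application/pdf' => 'pdf',
];
const MAX_BYTES  = 2 * 1024 * 1024;          // assumed size limit
const UPLOAD_DIR = '/var/lib/cms-uploads';   // assumed path outside the web root

/**
 * Validate one entry of $_FILES and return the stored file name.
 * Throws RuntimeException when the upload is rejected.
 */
function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('size out of range');
    }

    // Sniff the type from the file contents; $file['type'] and the
    // client-supplied name are attacker-controlled and are ignored.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('type not allowed');
    }

    // Server-generated name with a server-chosen extension, so a request
    // can never create a *.php file.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage in the upload endpoint (hypothetical form field "doc"):
// $stored = store_upload($_FILES['doc']);
```

Content sniffing alone can be satisfied by a file that begins with valid image bytes, so the server-chosen extension and the storage location outside the web root are what keep an uploaded file from being executed.
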
Source

Exploit-DB raw data:

-============================================-
Author: x0r - Evolution Team
Msn: andry2000@hotmail.it
Cms: Goople Cms 1.7
Bug: Arbitrary File Upload
Download:
http://ovh.dl.sourceforge.net/sourceforge/gooplecms/GoopleCMS_1.7.rar
-============================================-
Exploit:

Log yourself in like a normal user, and then go to:

/win/content/upload.php and upload your php shell

afterwards go to: /user/doc/shell.php

Greetz: My love, we have been together for 47 days, 47 fantastic
days...you are my life... A + M = L O V E
        I love you, my baby... 8\10\2008

# milw0rm.com [2008-11-23]