Goople CMS 1.7 Arbitrary File Creation

vendor:

Goople CMS

by:

x0r - Evolution Team

6.4

CVSS

MEDIUM

Arbitrary File Creation

264

CWE

Product Name: Goople CMS

Affected Version From: Goople CMS 1.7

Affected Version To: Goople CMS 1.7

Patch Exists: NO

Related CWE: N/A

CPE: a:gooplecms:goople_cms:1.7

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Goople CMS 1.7 Arbitrary File Creation

Logg yourself like a normal user then in your meno go on "Notepad" ( /win/notepad/index.php ), in this notepad you can make a php shell :P. Use this js code for bypass the log in: javascript:document.cookie = "loggedin=1; path=/"; And then go to /win/notepad/index.php

Mitigation:

Ensure that user input is properly validated and sanitized before being used to create files.

Source

Exploit-DB raw data:

-============================================-
Autore: x0r - Evolution Team
Msn: andry2000@hotmail.it
Cms: Goople Cms 1.7
Bug: Arbitrary File Creation
Download:
http://ovh.dl.sourceforge.net/sourceforge/gooplecms/GoopleCMS_1.7.rar
-============================================-

Exploit:

#Attack One

Logg yourself like a normal user then in your meno go on "Notepad" (
/win/notepad/index.php ), in this notepad you can make a php shell :P

#Attack Two

Use this js code for bypass the log in: javascript:document.cookie =
"loggedin=1; path=/"; <--- tnx BeyazKurt

And then go to /win/notepad/index.php


Greetz: Amore mio oggi sono 48 giorni...Ti AmO Da Impazzire... A + M....
Bimba Mia Sei La Mia Vita...

# milw0rm.com [2008-11-24]