CustomCMS Gaming Portal suffers from a shell upload vulnerability.
ec3b3eac91f12476770467c9c5a771e81bb75a9989c980499c05d565cd79eff6
# Exploit Title: Upload Vulnerability in CustomCMS Gaming Portal
# Date: 26-apr-2010
# Author: Sid3^effects
# Software Link: N/a
# CVE : []
# Code : []
------------------------------------------------------------------------
Upload Vulnerability in CustomCMS Gaming Portal
Vendor:http://customcms.net/
----------------------Author:Sid3^effects-------------------------------
What is Custom CMS Gaming?
Custom CMS Gaming is a Content Management System geared towards all Gamers that would like to maintain and create fully functional gaming sources. Whether you're interested in running your gaming site as a hobby or as a serious online venture, Custom CMS Gaming makes it easy for all users to create & manage the Gaming website they've always dreamed of.
--------------------------------------------------------------------------------------------
* UPLOAD Vulnerability
The attacker can upload shell.
change your shell format to an image format
goto media where you can upload images
DEMO URL : http://customcms.net/demo/admincp/?page=Media&op=Media
once uploaded check your evil script goto /images/uploads/gallery/[ur evil script]
DEMO URL :
http://customcms.net/demo/images/uploads/gallery/[ur evil script]
---------------------------------------------------------------------------
ShoutZ :
-------
---Indian Cyber warriors--Andhra hackers--
Greetz :
--------
=--*L0rd ÇrusAdêr*---d4rk-blu™® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--Mayur--=