exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ananta Gazelle CMS Shell Upload

Ananta Gazelle CMS Shell Upload
Posted Aug 26, 2010
Authored by eidelweiss

Ananta Gazelle CMS suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | b7fb7559715ca74fc7d53634e32a73c79d2e424a5c9a61a93669b5fe566d81c4

Ananta Gazelle CMS Shell Upload

Change Mirror Download
==========================================================
Ananta Gazelle CMS Shell Upload Vulnerability
==========================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ######################################## 1
0 I'm eidelweiss member from Inj3ct0r Team 1
1 ######################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


Software Link: www.anantasoft.com
Download: http://www.anantasoft.com/index.php?Gazelle%20CMS/Download
Author: eidelweiss
Contact: g1xsystem[at]windowslive.com

Special Thank`s To: iwe a.k.a KirD , PKI a.k.a Andri klaten, m4rc0, and YOU !!!!!

================================================================

This vulnerability isssue can be exploited or use by attacker to upload arbitary shell script to gain access,
or data.

1. You Need To Register Your self
2. When your account active (registed) after activate your account by clicking on following link in your mail,
then login with type your user name and password .
3. after you login successful click "To admin panel" or "To user panel" and/or you will be direct to

http://sample.site/ananta_path/admin
or
http://sample.site/ananta-path/user.php

4. Then go to or copy and paste this link:

"/admin/editor/filemanager/frmupload.html" // (without quote)

ex: http://sample.site/admin/editor/filemanager/frmupload.html

5. Upload your script backdoor shell there
6. If success or lucky your backdoor shell can be check or will be available here:

http://sample.site/admin/editor/backdoorshellfile.extention (Ananta_Gazelle1.0/admin/editor/filemanager/connectors/php/config.php //line 27)

or

http://sample.site/user/backdoorshellfile.extention (Ananta_Gazelle1.0/admin/editor/filemanager/connectors/php/config.php //line 27)


NOTE: Edit your backdoor shell by adding GIF or JPG source, so you can get the shell.


=========================| -=[ E0F ]=- |============================
Login or Register to add favorites

File Archive:

January 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    0 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    5 Files
  • 4
    Jan 4th
    5 Files
  • 5
    Jan 5th
    9 Files
  • 6
    Jan 6th
    5 Files
  • 7
    Jan 7th
    0 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    18 Files
  • 10
    Jan 10th
    31 Files
  • 11
    Jan 11th
    30 Files
  • 12
    Jan 12th
    33 Files
  • 13
    Jan 13th
    25 Files
  • 14
    Jan 14th
    0 Files
  • 15
    Jan 15th
    0 Files
  • 16
    Jan 16th
    7 Files
  • 17
    Jan 17th
    25 Files
  • 18
    Jan 18th
    38 Files
  • 19
    Jan 19th
    6 Files
  • 20
    Jan 20th
    21 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    24 Files
  • 24
    Jan 24th
    68 Files
  • 25
    Jan 25th
    22 Files
  • 26
    Jan 26th
    20 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close