exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Adel SBM

Log1 CMS writeInfo() PHP Code Injection

Posted Jun 3, 2012

Authored by EgiX, sinn3r, Adel SBM | Site metasploit.com

This Metasploit module exploits the "Ajax File and Image Manager" component that can be found in log1 CMS. In function.base.php of this component, the 'data' parameter in writeInfo() allows any malicious user to have direct control of writing data to file data.php, which results in arbitrary remote code execution.

tags | exploit, remote, arbitrary, php, code execution

advisories | CVE-2011-4825, OSVDB-76928

SHA-256 | 5f8de96e6ea32234373a0a7a5100ed196a91a7eb2302465bc03aeaa9b7bfff70

Download | Favorite | View

Log1CMS 2.0 Remote Code Execution

Posted Nov 24, 2011

Authored by Adel SBM

Log1CMS version 2.0 remote code execution exploit that leverages ajax_create_folder.php.

tags | exploit, remote, php, code execution

SHA-256 | e42cee700505621b6ad1fce6c51c6c98f6b151986a1cc0d80ea0e471e27e2e1d

Download | Favorite | View