#odlican.net cms v.1.5 remote file upload vulnerability #Author: REMOVED AT REQUEST OF AUTHOR #you can download following cms here #http://cms.odlican.net/files/cmsv1-5.zip #Info:odlican.net cms v.1.5 is simple opensource cms made by croatian web designers and it has serious flaw. #dork:Powered by odlican.net cms v.1.5 #what is vulnerable? this is vulnerable part of code from upload.php and it will upload any file to /cms/files/ folder(including dangerous php scripts) if ( isset($_POST['pokreni'])){ $target_path = "files/"; $target_path = $target_path . basename( $_FILES['uploadedfile']['name']); if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {echo "Datoteka ". basename( $_FILES['uploadedfile']['name']). " je snimljena na server";} else{ echo "Do�lo je do gre�ke poku�ajte ponovno!";} } #there should be code that will filter some extensions like .php etc..... #fixajte si taj kod. dodajte da skripta provjerava ekstenzije i velicinu filea #pozz