CSZ CMS 1.2.1 Arbitrary File Upload

CSZ CMS version 1.2.1 suffers from an arbitrary file upload vulnerability.

MD5 | ad2667b2518dc48fc775c2bce95ae340

# Exploit Title: CSZ CMS 1.2.1 - Arbitrary File Upload
# Dork: N/A
# Date: 15-03-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://www.cszcms.com/
# Software Link: https://sourceforge.net/projects/cszcms/
# Version: 1.2.1
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: CSZ CMS is an open source web application that
allows to manage all content
and settings on the websites. CSZ CMS was built on the basis of
Codeigniter and design
the structure of Bootstrap, this should make your website fully
responsive with ease.
# POC - File Upload
# Step by Step
# 1-) Login with admin username and password
# 2-) Click on the content menu then go to the file upload tab.
# 3-) Open your php script file and add it to the top of the page (GIF89a;).
# 4-) Change the file extension to .php.gif
# 5-) Run the burp suite program. and do your proxy settings.
# 6-) Click the Add Files button to select your file.
# 7-) Press the upload button. and delete the .gif part from the file
extension in the burp suite.
# 8-) You may receive an error message. no problem. the file will be
installed on the server.
# 9-) You can see the name and path of the file in URL_Path: at the
bottom of the screen.

Related Posts