Deface Tutorial 2021: CMS Made Simple - Arbitrary File Upload
Assalamualaikum, hello friends :v
Check this out!
# Exploit Title: CMS Made Simple 2.2.14 - Arbitrary File Upload (Authenticated)
# Google Dork: -
# Date: 2020-07-29
# Exploit Author: Roel van Beurden
# Vendor Homepage: https://www.cmsmadesimple.org/
# Software Link: http://s3.amazonaws.com/cmsms/downloads/14793/cmsms-2.2.14-install.zip
# Version: 2.2.14
# Tested on: Linux Ubuntu 18.04
# CVE: N/A
That's my target; by the way, I installed the CMS myself, boss.
As the title I posted says (Authenticated), it requires authentication.
So you have to? Log in.....
Smart..... :D
PoC:
- Create .phtml or .ptar file with malicious PHP payload;
- Upload .phtml or .ptar file in the 'File Manager' module;
- Click on the uploaded file to perform remote code execution.
First intercept the request, then send it to Repeater.
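
A defender's check for the upload path described above, as an added example that is not part of the original post or of CMS Made Simple's own code: it audits an uploads directory for files that a PHP-enabled web server might execute. The extension sets, function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: extensions a PHP-enabled server may hand to the interpreter.
# .phtml and .ptar are the two the page names; the rest are common mappings.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "php7",
                   "pht", "phtml", "phar", "ptar"}
# Assumption: what this site's editors legitimately upload.
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "txt", "css"}


def classify(filename):
    """Return 'executable', 'unexpected' or 'ok' for one uploaded file name."""
    # Normalise case and strip trailing dots/spaces, which some filesystems
    # ignore and which would otherwise hide the real extension.
    name = filename.strip().rstrip(". ").lower()
    parts = name.split(".")[1:]  # every dot-separated suffix, not just the last
    if any(p in EXECUTABLE_EXTS for p in parts):
        return "executable"      # also catches names like thumb.phtml.jpg
    if not parts or parts[-1] not in ALLOWED_EXTS:
        return "unexpected"      # allow-list miss: review by hand
    return "ok"


def audit_uploads(root):
    """Walk root and return sorted (relative_path, verdict) for non-ok files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            verdict = classify(f)
            if verdict != "ok":
                rel = os.path.relpath(os.path.join(dirpath, f), root)
                findings.append((rel.replace(os.sep, "/"), verdict))
    return sorted(findings)


def demo():
    """Build a constructed uploads tree (empty files) and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "images"))
        for rel in ("images/logo.png", "images/banner.PHTML", "notes.ptar",
                    "report.pdf", "thumb.phtml.jpg", "README"):
            open(os.path.join(root, rel), "w").close()
        return audit_uploads(root)


if __name__ == "__main__":
    for path, verdict in demo():
        print(f"{verdict:11} {path}")
```

The same `classify` logic belongs at upload time as an allow-list check; a block-list that only rejects `.php` is what lets the extensions in the PoC through.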
OK, pretty easy, right?
I hope you understand this post.
In closing,
" A N J A Y "
Wassalamualaikum.
#crusher.