The exploit demonstrates multiple vulnerabilities in Slash CMS, including an unrestricted file upload leading to RCE and SQL injection/XSS via crafted HTTP requests. The file upload allows arbitrary PHP files to be uploaded to /tmp/, while the SQLi/XSS exploits leverage the 'id' parameter in the 'sl_pages' module.
Classification
Working Poc 90%
Attack Type
Rce | Sqli | Xss
Target:
Slash CMS (version not specified)
No auth needed
Prerequisites:
Access to the target web application · File upload functionality enabled · PHP execution allowed in /tmp/ directory