Sflog! CMS 1.0 Arbitrary File Upload
https://packetstormsecurity.com/files/116328/sflog_upload_exec.rb.txt
https://packetstormsecurity.com/files/116328/sflog_upload_exec.rb.txthttps://packetstormsecurity.com/files/116328/Sflog-CMS-1.0-Arbitrary-File-Upload.htmlFri, 07 Sep 2012 03:39:55 GMTThis Metasploit module exploits multiple design flaws in Sflog 1.0. By default, the CMS has a default admin credential of "admin:secret", which can be abused to access administrative features such as blogs management. Through the management interface, we can upload a backdoor that's accessible by any remote user, and then gain arbitrary code execution.