RazorCMS 1.2.1 STABLE – Arbitrary File Upload

• Exploit Database
• 14 阅读

• 作者： i2sec_Hyo jun Oh
  日期： 2012-03-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18574/

• # Exploit Title: RazorCMS <= 1.2.1 STABLE File Upload Vulnerability
  # Google Dork: 
  # Date: 2012-02-26
  # Author: i2sec_Hyo jun Oh
  # Software Link: http://www.razorcms.co.uk/archive/core/razorCMS_core_v1_2_1_STABLE.zip 
  # Version: RazorCMS 1.2.1
  # Tested on: Windows XP
  
  Upload a file extension did not check.
  
  Destination
  
  1. user login
  2. user upload webshell
  3. Run sebshell----- <host>/datastore/webshell.php