Sitefinity is a modern ASP.NET Web CMS , shell uploadin

2016.10.26

iran anonymous (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:”Sitefinity: Login.aspx”

# Exploit Title: [upload shell in sites Sitefinity]
# Google Dork: 
1 :[inurl:”Sitefinity: Login.aspx”]
2 :[inurl:”Sitefinity”]
# Date: [Tuesday, Mehr 27, 1395 AP]
# Exploit Author: [IRanonymous]
# site: [www.anonymous-team.com]


#exploit
1: Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx


2: target.com/sitefinity/login.aspx

#demo
http://www.eastnets.com/Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx

upload shell  .jpg, .jpeg, .gif, .png.

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Sitefinity is a modern ASP.NET Web CMS , shell uploadin

Dork: inurl:”Sitefinity: Login.aspx”

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.