NextCMS File Upload Vulnerability

2017.01.17
ir Ashiyane Digital Security Team (IR) ir
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:/Content/Roxy_Fileman/

*=============================================================| | Exploit Title: NextCMS File Upload Vulnerability | Exploit Author: Ashiyane Digital Security Team | vendor homepage : http://www.cnblogs.com/ForEvErNoME/p/4987513.html | DownloadLink : https://github.com/TerryChenUI/NextCMS | Google Dork 1: inurl:/Content/Roxy_Fileman/ | Google Dork 2: intitle:"roxy file manager" | Tested on: Kali Linux | Date: 1 /11 / 2017 |===========| | Vulnerability Path : http://[Target]/[Path]/Content/Roxy_Fileman/ | Vulnerability Method :GET |===========| | Vulnerability description: | This page allows visitors to upload files to the server. | Various web applications allow users to upload files (such as images, html,..). |=============================================================| |Demo : |http://www.rnrgames.com/content/Roxy_Fileman/ |http://www.devfw.net/Content/Roxy_Fileman/ |http://con-serv.com.au/Content/Roxy_Fileman/index.html |http://www.rnrgames.com/content/Roxy_Fileman/ *=============================================================| | Special Thanks To : Behrooz_Ice، Virangar ,H_SQLI.EMpiRe ، Ehsan Cod3r ، micle ، | Und3rgr0und ، Amir.ght ، xenotix، modiret، V For Vendetta ، Alireza ، | r4ouf ، Spoofer ، And All Of My Friends ، | The Last One : My Self, M.R.S.L.Y *=============================================================|


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top