ParsCMS - Arbitrary File Upload

2020.01.06
de Unkn0wn (DE) de
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: "modules/eform/upload/"

--------------------------------------------------------- # Exploit Title: ParsCMS - Arbitrary File Upload # Google Dork: N/A # Date: 2020-01-01 # Exploit Author: Unkn0wn (0x9a@tuta.io) # Vendor Homepage: http://parscms.com/ # Software Link: private cms # Version: 1.0 # Tested on: Ubuntu # CVE : N/A --------------------------------------------------------- exploit: "modules/eform/upload/" demo: http://iauda.ac.ir/modules/eform/upload/ https://www.msc.ir/modules/eform/upload/ http://farhangi.tums.ac.ir/en/modules/eform/upload/ http://old.isipo.ir/modules/eform/upload/ http://eskordi.com/modules/eform/upload/ http://pdiaari.tums.ac.ir/modules/eform/upload/ http://rvp.iauda.ac.ir/modules/eform/upload/ http://www.rca.gov.ir/modules/eform/upload/ http://farhangi.tums.ac.ir/en/modules/eform/upload/ ---------------------------------------------------------- "Happy new Year 2020" # https://Github.com/0x9a # https:/t.me/Bl4ckC0des

References:

https://Github.com/0x9a


See this note in RAW Version
Vote for this issue:
0%
100%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top