ProfileCMS 1.0 - Arbitrary File Upload

EDB-ID:

4586




Platform:

PHP

Date:

2007-10-29


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

ProfileCMS v1.0 Shell Upload Exploit

Demo : http://slrate.com/

You can direct upload PHP shell instead of image while creating profile  at this script, For example http://slrate.com/profiles here you can direct upload shell instead of images.

Dorks :

"Total Generators & Widgets"
"Powered By ProfileCMS v1.0"

# milw0rm.com [2007-10-29]