NextCMS File Upload Vulnerability
Posted on 30 November -0001
<HTML><HEAD><TITLE>NextCMS File Upload Vulnerability </TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>*=============================================================| | Exploit Title: NextCMS File Upload Vulnerability | Exploit Author: Ashiyane Digital Security Team | vendor homepage : http://www.cnblogs.com/ForEvErNoME/p/4987513.html | DownloadLink : https://github.com/TerryChenUI/NextCMS | Google Dork 1: inurl:/Content/Roxy_Fileman/ | Google Dork 2: intitle:"roxy file manager" | Tested on: Kali Linux | Date: 1 /11 / 2017 |===========| | Vulnerability Path : http://[Target]/[Path]/Content/Roxy_Fileman/ | Vulnerability Method :GET |===========| | Vulnerability description: | This page allows visitors to upload files to the server. | Various web applications allow users to upload files (such as images, html,..). |=============================================================| |Demo : |http://www.rnrgames.com/content/Roxy_Fileman/ |http://www.devfw.net/Content/Roxy_Fileman/ |http://con-serv.com.au/Content/Roxy_Fileman/index.html |http://www.rnrgames.com/content/Roxy_Fileman/ *=============================================================| | Special Thanks To : Behrooz_Ice، Virangar ,H_SQLI.EMpiRe ، Ehsan Cod3r ، micle ، | Und3rgr0und ، Amir.ght ، xenotix، modiret، V For Vendetta ، Alireza ، | r4ouf ، Spoofer ، And All Of My Friends ، | The Last One : My Self, M.R.S.L.Y *=============================================================| </BODY></HTML>