NextCMS File Upload Vulnerability

Posted on 30 November -0001
<HTML><HEAD><TITLE>NextCMS File Upload Vulnerability </TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>*=============================================================|
| Exploit Title:  NextCMS File Upload Vulnerability 
| Exploit Author: Ashiyane Digital Security Team
| vendor homepage : http://www.cnblogs.com/ForEvErNoME/p/4987513.html
| DownloadLink : https://github.com/TerryChenUI/NextCMS
| Google Dork 1: inurl:/Content/Roxy_Fileman/
| Google Dork 2: intitle:"roxy file manager"
| Tested on:  Kali Linux 
| Date: 1 /11 / 2017
|===========|
| Vulnerability Path : http://[Target]/[Path]/Content/Roxy_Fileman/
| Vulnerability Method :GET
|===========|
| Vulnerability description:
| This page allows visitors to upload files to the server.
| Various web applications allow users to upload files (such as images, html,..).
|=============================================================|
|Demo :
|http://www.rnrgames.com/content/Roxy_Fileman/
|http://www.devfw.net/Content/Roxy_Fileman/
|http://con-serv.com.au/Content/Roxy_Fileman/index.html
|http://www.rnrgames.com/content/Roxy_Fileman/
*=============================================================|
| Special Thanks To : Behrooz_IceØŒ Virangar ,H_SQLI.EMpiRe ØŒ Ehsan Cod3r ØŒ micle ØŒ
| Und3rgr0und ØŒ Amir.ght ØŒ xenotixØŒ modiretØŒ V For Vendetta ØŒ Alireza ØŒ 
| r4ouf ØŒ Spoofer ØŒ And All Of My Friends ØŒ
| The Last One : My Self, M.R.S.L.Y  
*=============================================================| </BODY></HTML>
TOP
Malware :

Last 20
Exploits :

Last 20