Vendor: softxmlcms
By: Alexander
CVSS: 7.5 (HIGH)
Web Applications
CWE: N/A
Product Name: softxmlcms
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows/asp/php
2011

softxmlcms Shell Upload Vulnerability

A vulnerability exists in softxmlcms which allows an attacker to upload a malicious file to the server. The attacker can access the file by navigating to the /images/ directory. The vulnerable page is XMLEditor2.0/uploadfile1.asp, where the attacker can select a malicious file and upload it to the server.

Mitigation:

Ensure that the application is configured to only allow the upload of files with the appropriate file extensions. Additionally, ensure that the application is configured to only allow the upload of files to the appropriate directories.
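
One way to implement the extension and directory checks described above, as an added example that is not softxmlcms code or part of the original advisory. The allow-list, the `UPLOAD_DIR` path and the function name `safe_upload_path` are assumptions; the logic is shown in Python and would need porting to the application's own ASP or PHP.

```python
import os
import re
import secrets

# Assumed policy for an image upload feature: extension allow-list only.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
# Assumed storage location outside the web root, so uploads are never executed.
UPLOAD_DIR = "/srv/app-data/uploads"


def safe_upload_path(client_filename):
    """Return a server-chosen storage path, or None if the upload is rejected."""
    if not client_filename or "\x00" in client_filename:
        return None
    # Keep only the final path component; browsers may send full paths.
    name = re.split(r"[\\/]", client_filename)[-1]
    # Windows strips trailing dots and spaces, so "File.asp." becomes "File.asp".
    name = name.rstrip(". ")
    # ":" marks NTFS alternate data streams ("File.asp::$DATA"); older IIS
    # versions have treated ";" as ending the file name ("File.asp;.jpg").
    if not name or any(ch in name for ch in ":;"):
        return None
    parts = name.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        # Deliberately strict: no extension, dot-files, and any double
        # extension such as "File.php.jpg" are all refused.
        return None
    ext = "." + parts[1]
    if ext not in ALLOWED_EXTENSIONS:
        return None
    # Never reuse the client-supplied name: generate a random one.
    return os.path.join(UPLOAD_DIR, secrets.token_hex(16) + ext)


if __name__ == "__main__":
    # Constructed sample names, including the two file names from the advisory.
    samples = ["File.php", "File.asp", "photo.JPG", "File.php.jpg",
               "File.asp;.jpg", "File.asp::$DATA", "..\\File.asp."]
    for sample in samples:
        print(repr(sample), "->", safe_upload_path(sample))
```

The upload endpoint itself should also require authentication, and script execution should be disabled for whatever directory ends up holding uploaded files.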

Exploit-DB raw data:

###########################################################################

Exploit Title : softxmlcms  Shell Upload Vulnerability

Google Dork : Powered by softxmlcms

Date : 2011-04-15 

Author : *Alexander* 

Software Link : http://www.softxml.com

Test On : Windows/asp/php

CVE : Web Applications

###########################################################################

===[ Exploit ]===  

http://server/[patch]/XMLEditor2.0/uploadfile1.asp

Select the Choose File And Then Browse File.php  Or File.asp

===[ Upload To ]===

http://server/[patch]/images/File.php

Or

http://server/[patch]/images/File.asp

===[ Demo ]===

http://server/softxmlcms/XMLEditor2.0/uploadfile1.asp

###########################################################################

Greetz : http://Ashiyane.org/Forums

Behrooz_Ice , Q7X , Virangar , Black And All Ashiyane Defacers