SelectSurvey CMS (ASP.NET) Shell Upload Vulnerability

vendor:

SelectSurvey CMS

by:

7.5

CVSS

HIGH

Shell Upload

434

CWE

Product Name: SelectSurvey CMS

Affected Version From: 3.x

Affected Version To: 4

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows

2012

SelectSurvey CMS (ASP.NET) Shell Upload Vulnerability

This vulnerability allows an attacker to upload a shell ASP file to the SelectSurvey CMS (ASP.NET) application, which can lead to remote code execution.

Mitigation:

Update to the latest version of SelectSurvey CMS to fix this vulnerability. Additionally, restrict file uploads to only allow specific file types.

Source

Exploit-DB raw data:

=============================================================
SelectSurvey CMS (ASP.NET) Shell Upload Vulnerability
=============================================================
 
###################################################
#
# Exploit Title: SelectSurvey.NETv4 CMS (ASP.NET) Shell Upload Vulnerability
# DDate: 20/12/2012
# Author: 040
# Software Link: www.classapps.com
# Version: 3.x . 4.0
# Tested on: windows
# dork : "SelectSurvey.NETv4 site:uk"
# Contact: cyber040@hotmail.com ~ @04hazmi
#
####################################################
 
    exploit # /survey/UploadImagePopup.aspx
 
or http://survey.site.com/UploadImagePopup.aspx
 
 
  Upload to # http://site.com/UploadedImages/shell.asp
 
 
#######################################################
 

Greetz :  Matlo3a-Dz