[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : SelectSurvey CMS (ASP.NET) Arbitrary File Upload
# Published : 2012-12-21
# Author :
# Previous Title : E SMS Script Multiple SQL Injection Vulnerabilities
# Next Title : Guru Auction 2.0 Multiple SQL Injection Vulnerabilities
=============================================================
SelectSurvey CMS (ASP.NET) Shell Upload Vulnerability
=============================================================
###################################################
#
# Exploit Title: SelectSurvey.NETv4 CMS (ASP.NET) Shell Upload Vulnerability
# DDate: 20/12/2012
# Author: 040
# Software Link: www.classapps.com
# Version: 3.x . 4.0
# Tested on: windows
# dork : "SelectSurvey.NETv4 site:uk"
# Contact: cyber040@hotmail.com ~ @04hazmi
#
####################################################
exploit # /survey/UploadImagePopup.aspx
or http://survey.site.com/UploadImagePopup.aspx
Upload to # http://site.com/UploadedImages/shell.asp
#######################################################
Greetz : Matlo3a-Dz