
# Title : Graffiti CMS 1.x Arbitrary File Upload Vulnerability
# Published : 2009-09-10
# Author : Alexander Concha


Graffiti CMS includes a file manager component that allows
unauthenticated users to upload files (including ASP.NET pages, which
allow code execution). All versions are affected by this
vulnerability.

To exploit this issue, it suffices to access the following URL.

http://DOMAIN_TLD/GRAFFITI_CMS_INSTALL_DIR/__utility/Telligent_Editor/editor/filemanager/browser/default/browser.html?connector=../../connectors/aspx/connector.aspx
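
To check whether this path has been reached on a server, the IIS logs can be searched for it. The following is an added example, not part of the original advisory: it scans W3C-format IIS log text for requests under the file manager path from the URL above. The log sample, its field layout and the severity labels are constructed for illustration.

```python
from urllib.parse import unquote

# Path fragments taken from the advisory URL; IIS matches paths case-insensitively.
FILEMANAGER = "/__utility/telligent_editor/editor/filemanager/"
CONNECTOR = "connectors/aspx/connector.aspx"

# Constructed IIS W3C log sample (client addresses are documentation ranges).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2009-09-11 10:02:11 GET /default.aspx - - 198.51.100.7 200
2009-09-11 10:02:15 GET /__utility/Telligent_Editor/editor/filemanager/browser/default/browser.html connector=../../connectors/aspx/connector.aspx - 203.0.113.9 200
2009-09-11 10:02:31 POST /__UTILITY/telligent_editor/editor/filemanager/connectors/aspx/connector.aspx - - 203.0.113.9 200
2009-09-11 10:05:40 GET /__utility/Telligent_Editor/editor/filemanager/browser/default/browser.html - editor1 192.0.2.20 200
2009-09-11 10:06:02 POST /__utility/Telligent_Editor/editor/filemanager/connectors/aspx/connector.aspx - - 203.0.113.9 401
"""

def find_filemanager_hits(log_text):
    """Return (severity, client_ip, user, method, path) per file manager request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = unquote(row.get("cs-uri-stem", "")).lower()
        if FILEMANAGER not in path:
            continue
        if not row.get("sc-status", "").startswith("2"):
            severity = "rejected"          # server did not serve the request
        elif row.get("cs-method") == "POST" and path.endswith(CONNECTOR):
            severity = "possible-upload"   # data sent to the upload connector
        else:
            severity = "browsed"           # file manager UI or connector was read
        # cs-username "-" means IIS recorded no authenticated user for the request.
        hits.append((severity, row.get("c-ip"), row.get("cs-username", "-"),
                     row.get("cs-method"), path))
    return hits

if __name__ == "__main__":
    for hit in find_filemanager_hits(SAMPLE_LOG):
        print(hit)
```

Rows labelled `possible-upload` or `browsed` with a `-` user show the file manager answering requests that carry no authenticated identity, which is the condition the advisory describes.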

# www.Syue.com [2009-09-10]