MOAUB #13 - Luftguitar CMS Vulnerability: Upload Arbitrary File

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MOAUB #13 - Luftguitar CMS Vulnerability: Upload Arbitrary File
# Published : 2010-09-13
# Author : Abysssec
# Previous Title : Joomla Component Mosets Tree 2.1.5 Shell Upload Vulnerability
# Next Title : Group Office 3.5.9 SQL Injection Vulnerability

'''
  __  __  ____         _    _ ____  
 |  /  |/ __    /  | |  | |  _  
 |   / | |  | | /   | |  | | |_) |
 | |/| | |  | |/ / | |  | |  _ < 
 | |  | | |__| / ____  |__| | |_) |
 |_|  |_|____/_/    _____/|____/ 

http://www.exploit-db.com/moaub-13-luftguitar-cms-vulnerability-upload-arbitrary-file/
'''

Abysssec Inc Public Advisory
 
 
  Title            :  Luftguitar CMS Vulnerability: Upload arbitrary file
  Affected Version :  Luftguitar CMS 2.0.2
  Discovery        :  www.abysssec.com
  Vendor	   :  

  Demo  	   :  
  Download Links   :  http://sourceforge.net/projects/luftguitarcms/ 		      
		      

Description :
===========================================================================================      

  This CMS have Upload arbitrary file valnerability with Image Gallery.

  you can upload your file with this path:
    http://Example.com/Backstage/Components/FreeTextBox/ftb.imagegallery.aspx  


  Uploaded files will be placing in this path:

    http://Example.com/Images/ 


===========================================================================================