RazorCMS <= 1.2.1 STABLE File Upload Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : RazorCMS <= 1.2.1 STABLE File Upload Vulnerability
# Published : 2012-03-08
# Author :
# Previous Title : Belkatalog CMS SQL Injection Vulnerability
# Next Title : lizard cart SQLi (search.php)

# Exploit Title: RazorCMS <= 1.2.1 STABLE File Upload Vulnerability
# Google Dork: 
?# Date: 2012-02-26
# Author: i2sec_Hyo jun Oh
# Software Link: http://www.razorcms.co.uk/archive/core/razorCMS_core_v1_2_1_STABLE.zip 
# Version: RazorCMS 1.2.1
# Tested on: Windows XP

Upload a file extension did not check.

Destination

1. user login
2. user upload webshell
3. Run sebshell  ----- <host>/datastore/webshell.php