Graffiti CMS 1.x Arbitrary File Upload

Graffiti CMS 1.x Arbitrary File Upload: Posted Sep 10, 2009; Authored by Alexander Concha | Site buayacorp.com; Graffiti CMS version 1.x suffers from an arbitrary file upload vulnerability.; tags | exploit, arbitrary, file upload; SHA-256 | 6b4900b34f604e733aaea8d21807fccbb643ab1a2bbb8ad7615e3c5c321d6a11; Download | Favorite | View

Graffiti CMS 1.x Arbitrary File Upload

Graffiti CMS includes a file manager component that allows
unauthenticated users to upload files (including asp.net pages which
allow code execution). All versions are affected by this
vulnerability.

To exploit this issue, it only suffices to access to the following URL.

http://DOMAIN_TLD/GRAFFITI_CMS_INSTALL_DIR/__utility/Telligent_Editor/editor/filemanager/browser/default/browser.html?connector=../../connectors/aspx/connector.aspx

Top Authors In Last 30 Days

Red Hat 205 files
Ubuntu 84 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,350)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,266)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,658)
UNIX (9,425)
UnixWare (187)
Windows (6,666)
Other

Graffiti CMS 1.x Arbitrary File Upload

Graffiti CMS 1.x Arbitrary File Upload

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Graffiti CMS 1.x Arbitrary File Upload

Share This

Graffiti CMS 1.x Arbitrary File Upload

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems