============================================================================================================================
| # Title     : Free cms 1.0a XSS via file uploads Vulnerability
| # Author    : indoushka
| # Telegram  : @indoushka
| # Tested on : Windows 10 Français V.(Pro)
| # Vendor    : http://download2.nust.na/pub4/sourceforge/f/fr/free-cms-for-your-websites/Free_cms_installation_1.0a.zip
| # Dork      : n/a
============================================================================================================================

POC :

[+] Dorking in Google or other search engine.

[+] use payload : tools/richfilemanager/

    http://127.0.0.1/!Free_cms_installation_1.0a/tools/richfilemanager/

[+] choose your SVG file and upload it.

    svg code

Greetz :
----------------------------------------------------------------------------------------
| jericho * Larry W. Cashdollar * shadow0075 * djroot.dz * Gjoko 'LiquidWorm' Krstic |
========================================================================================