RazorCMS 1.2.1 STABLE - Arbitrary File Upload

Author: i2sec_Hyo jun Oh
type: webapps
platform: php
port: 
date_added: 2012-03-08 
date_updated: 2012-03-08 
verified: 0 
codes: OSVDB-80619 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comrazorCMS_core_v1_2_1_STABLE.zip

# Exploit Title: RazorCMS <= 1.2.1 STABLE File Upload Vulnerability
# Google Dork:
# Date: 2012-02-26
# Author: i2sec_Hyo jun Oh
# Software Link: http://www.razorcms.co.uk/archive/core/razorCMS_core_v1_2_1_STABLE.zip
# Version: RazorCMS 1.2.1
# Tested on: Windows XP

Upload a file extension did not check.

Destination

1. user login
2. user upload webshell
3. Run sebshell  ----- <host>/datastore/webshell.php