FXRecruiter Shell Upload

`  
=======================================================================  
  
# FXRecruiter CMS Arbitary File Upload Vulnerability  
  
=======================================================================  
  
# Name: FXRecruiter CMS Arbitary File Upload Vulnerability  
  
  
  
# Vendor: http://www.fxrecruiter.co.uk & http://www.reversedelta.com  
  
  
  
# Risk: High  
  
  
  
# Date: 2011-03-25  
  
  
  
# Author: Ashiyane Digital Security Team  
  
  
  
# Contact: XroGuE_p3rsi4n_hack3r[at]Hotmail[Dot]com  
  
  
  
# Home: www.Ashiyane.org/forums/   
  
  
  
# Gr33tz: Behrooz_Ice,Virangar,And All Ashiyane Members !  
  
  
  
==========================================================================  
  
  
  
[+] Dork: intext:"Powered by FXRecruiter"  
  
  
  
==========================================================================  
  
[+] Note : You must Register at site, Then in "Upload CV Field" Select and   
  
  
  
[-] Upload Your File, then Using "Live Http Header" Change ur File Format To Etc ...   
  
  
  
[+] Uploaded path: http://127.0.0.1/fxmodules/resumes/[Your File].*  
  
  
  
==========================================================================  
  
  
  
  
`