Umbraco CMS version 4.x is vulnerable to a remote code execution vulnerability. An attacker can upload files via an unsecured web service located at /umbraco/webservices/codeEditorSave.asmx (method SaveDLRScript). I created this exploit because in some audits the public exploit that juan vazquez created did not work, thank Toby Clarke to discover the flaw. This small code uploads apsx files to Umbraco CMS 4.x.
This is private exploit. You can buy it at https://0day.today