=======================================================================

# FXRecruiter CMS Arbitary File Upload Vulnerability

=======================================================================

# Name: FXRecruiter CMS Arbitary File Upload Vulnerability



# Vendor: http://www.fxrecruiter.co.uk & http://www.reversedelta.com



# Risk: High



# Date: 2011-03-25



# Author: Ashiyane Digital Security Team



# Contact: XroGuE_p3rsi4n_hack3r[at]Hotmail[Dot]com



# Home: www.Ashiyane.org/forums/ 



# Gr33tz: Behrooz_Ice,Virangar,And All Ashiyane Members !



==========================================================================

 

[+] Dork: intext:"Powered by FXRecruiter"

 

==========================================================================

[+] Note : You must Register at site, Then in "Upload CV Field" Select and 



[-] Upload Your File, then Using "Live Http Header" Change ur File Format To Etc ... 



[+] Uploaded path: http://127.0.0.1/fxmodules/resumes/[Your File].*



==========================================================================