This exploit demonstrates an arbitrary file upload vulnerability in AspxCommerce v2.0 via the LogoHandler.ashx module, allowing remote attackers to upload and execute malicious ASPX files. The PoC includes a functional ASPX shell for command execution.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:AspxCommerce v2.0 and below
No auth needed
Prerequisites:Network access to the target application · Ability to send HTTP POST requests