This exploit demonstrates an arbitrary file upload vulnerability in Kartris 1.6 via a multipart/form-data POST request to the Admin/_GeneralFiles.aspx endpoint. The attacker can upload a malicious ASPX file, leading to potential remote code execution (RCE) if the file is executed.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Kartris 1.6
Auth required
Prerequisites:Access to the admin panel · Valid session cookies