This module exploits an arbitrary file upload vulnerability in
FlexDotnetCMS v1.5.8 and prior in order to execute arbitrary
commands with elevated privileges.
The module first tries to authenticate to FlexDotnetCMS via an HTTP
POST request to `/login`. It then attempts to upload a random TXT
file and subsequently uses the FlexDotnetCMS file editor to rename
the TXT file to an ASP file. If this succeeds, the target is
vulnerable and the ASP file is generated as a copy of the TXT file,
which remains on the server.
Next, the module sends another request to rename the TXT file to an
ASP file, this time adding the payload. Finally, the module tries
to execute the ASP payload via a simple HTTP GET request to
Valid credentials for a FlexDotnetCMS user with permissions to use
the FileManager are required. This module has been successfully
tested against FlexDotnetCMS v1.5.8 running on Windows Server 2012.