====================================================================================================================================
| # Title     : doorGets CMS v7.0 Unrestricted File Upload Vulnerability                                                           |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 65.0(32-bit)                                               | 
| # Vendor    : https://doorgets.io/t/en/                                                                                          |  
| # Dork      : "Powered with doorGets ™"                                                                                          |
====================================================================================================================================

poc :


[+] Dorking İn Google Or Other Search Enggine.

[+] Register new user . http://127.0.0.1/bestwayschoolcom/dg-user/en/?controller=authentification&action=register

[+] Confirmation link in the email.

[+] After login go to manage your profile http://127.0.0.1/eXplored/dg-user/en/?controller=account 

[+] From paramaters Choose an HTML editor ( editor tinymce ) & press Save .

[+] Creat new Blog http://127.0.0.1/eXplored/dg-user/en/?controller=moduleblog&uri=blog&action=add

[+] insert your Ev!l .php2 .html .svg ...

[+] http://127.0.0.1/fileman/Uploads/ (Uploaded malicious files can be run remotely )

Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |
=======================================================================================================================================