Roxy File Manager Shell Upload Vulnerability

#- Title: Roxy File Manager Shell Upload Vulnerability

#- Author: Ice-cream

#- Date: 2015

#- Developer : Lyubomir Arsov

#- Link Download : roxyfileman .com/download

#- Google Dork: intitle:"Roxy File Manager"

#- Fixed in Version : -

#- Tested on : Wedus

=======================================================

-- Proof Of Concept --

Vulnerability : Site.com/path/fileman/

When Vulnerable : 

Methode : 

1. Add File

2. Choose your shell 

* Shell Extension : x.php.xxxjpg / x.php.asp / x.php.jpg / x.php5

3. if succes, your shell will visible there.

Shell Path : Here