Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2017010052

Below is a copy:

Nuked Klan CMS 1.8 File Upload
*=============================================================|
|  Exploit Title:  CMS_Nuked-Klan File Upload Vulnerability
|
|  Exploit Author: Ashiyane Digital Security Team
|
|  Vendor HomePage: https://github.com/Nuked-Klan/CMS_Nuked-Klan
|
|  Download Link : https://github.com/Nuked-Klan/CMS_Nuked-Klan/archive/develop_1.8.zip
|
|  Version : V 1.8
|
|  Dork : index of:"filemanager/dialog.php"
|
|  Tested on:  Kali Linux
|
|  Date: 1/3/2017
*=============================================================|
|  Vulnerability Path : http://127.0.0.1/CMS_Nuked-Klan-develop_1.8/media/tinymce/plugins/filemanager/dialog.php
|  Vulnerability Path : http://127.0.0.1/6/CMS_Nuked-Klan-develop_1.8/media/filemanager/dialog.php
|  Vulnerability Method : GET
*===========================|
|  Proof :
|
*===========================|
|  Vulnerability description :
*===========================|
|  This page allows visitors to upload files to the server.
|  Various web applications allow users to upload files (such as images, html, ...).
|  Uploaded files may pose a significant risk if not handled correctly.
|  A remote attacker could send a multipart/form-data POST request
|  with a specially-crafted filename or mime type and execute arbitrary code.
*=============================================================|
| Discovered By : M.R.S.L.Y
*=============================================================|
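
The description above names the filename and MIME type sent in the request as the inputs an attacker controls. As an added example (not code from the advisory, Nuked-Klan or the filemanager plugin), here is a PHP upload handler that ignores both; the allowlist, the size limit and the `$storeDir` argument are assumptions made for illustration:

```php
<?php
// Added example: server-side upload handling that never trusts the
// client-supplied filename or MIME type. ALLOWED, MAX_BYTES and $storeDir
// are assumptions for illustration, not values from the advisory.

const ALLOWED = [            // content type detected on the server => stored extension
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024;

/**
 * Validate one entry of $_FILES and move it into $storeDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_upload(array $file, string $storeDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed or missing');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('size out of range');
    }
    // Detect the type from the file's bytes. $file['type'] and $file['name']
    // come straight from the multipart request and are never used.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !array_key_exists($mime, ALLOWED)) {
        throw new RuntimeException('type not allowed');
    }
    // Server-generated name plus an extension from the allowlist: a request
    // name such as "x.php.jpg" or "../x.php" never reaches the file system.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], rtrim($storeDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}
```

Content sniffing alone does not stop a file that is both a valid image and a script, so `$storeDir` should be a directory the web server does not execute scripts from, ideally outside the document root.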

Copyright ©2017 Exploitalert.
