CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-20033 | CWE-434 | Not specified | Critical |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Not specified | High | Remote | 2018-02-05 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 0.02192 | 0.50148 |
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
# Title     : shopify.com Unrestricted File Upload Vulnerability
# Author    : indoushka
# email     : [email protected]
# Dork      : Powered by Shopify
# Tested on : Windows 8.1 Français V.(Pro)
========================================================================

PoC:

1. Create a new free account.
2. Log in to the Control Panel, e.g. https://yourname.myshopify.com/admin/auth/login
3. Go to the Add product section, e.g. https://yourname.myshopify.com/admin/products/
4. Add a new product and attach an image (insert image).
5. Choose a file with a different file extension.
6. Find the uploaded files here (PoC):

http://cdn.shopify.com/s/files/1/0912/8298/files/test.htm
http://cdn.shopify.com/s/files/1/0912/8298/files/ahmad.mp3
http://cdn.shopify.com/s/files/1/0912/8298/files/index.htm
http://cdn.shopify.com/s/files/1/0912/8298/files/ahmad.php
http://cdn.shopify.com/s/files/1/0912/8298/files/index_7082b8ce-7bd2-40e8-ac57-1da130812fbf.htm
http://cdn.shopify.com/s/files/1/0912/8298/files/.htaccsess

Greetz: jericho * Larry W. Cashdollar * shadow0075 * djroot.dz * Gjoko 'LiquidWorm' Krstic
========================================================================
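A server-side check that would refuse the uploads listed above, as an added example that is not part of the original advisory and is not Shopify's code. The function names, the allowlist and the sample file contents are assumptions constructed for illustration; only the file names come from the advisory.

```python
import os

# Assumed allowlist for an image-only upload field: extension -> magic bytes.
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def check_image_upload(filename, content):
    """Return (accepted, reason) for a file sent to an image-only field."""
    # Drop any client-supplied directory part, whichever separator was used.
    base = os.path.basename(filename.replace("\\", "/")).lower()
    if not base or base.startswith("."):
        return False, "hidden or empty file name"
    if "\x00" in base:
        return False, "NUL byte in file name"
    stem, ext = os.path.splitext(base)
    if ext not in IMAGE_SIGNATURES:
        return False, "extension not allowlisted"
    if "." in stem:
        # Deliberately strict: also refuses names like report.php.png.
        return False, "multiple extensions"
    if not content.startswith(IMAGE_SIGNATURES[ext]):
        return False, "content does not match extension"
    return True, "ok"


# Constructed sample uploads: names taken from the advisory's file list,
# contents invented here as harmless placeholders.
SAMPLES = [
    ("test.htm", b"<html></html>"),
    ("ahmad.mp3", b"ID3\x03\x00"),
    ("ahmad.php", b"placeholder text"),
    (".htaccsess", b"placeholder text"),
    ("logo.png", b"<html></html>"),
    ("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
]


def audit(samples):
    """Run the check over (name, content) pairs and collect the verdicts."""
    return [(name,) + check_image_upload(name, data) for name, data in samples]


if __name__ == "__main__":
    for name, accepted, reason in audit(SAMPLES):
        print(f"{name:12} {'ACCEPT' if accepted else 'REJECT'}  {reason}")
```

A magic-byte match only shows that the file starts like an image, so accepted files should still be stored under a server-generated name and served with a fixed image Content-Type.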