Drupal PaisDigital ArgentinaGov Municipality ContactForm Arbitrary File Upload Vulnerability
CVE:
Category: CWE-287
Price: Not specified
Severity: High
Author: Exploit Alert Team
Risk: High
Exploitation Type: Remote
Date: 2018-06-02
CPE: cpe:cpe:/a:drupal:paisdigital:arbitrary_file_upload_vulnerability
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018060021 Below is a copy:
Drupal PaisDigital ArgentinaGov Municipality ContactForm Arbitrary File Upload Vulnerability
#################################################################################################
# Exploit Title : Drupal PaisDigital ArgentinaGov Municipality ContactForm Arbitrary File Upload Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Date : 01/06/2018
# Vendor Homepage : argentina.gob.ar/paisdigital
# Tested On : Windows
# Exploit Risk : High
#################################################################################################
# Google Dork 1 : inurl:''/?q=contacto'' site:gob.ar
# Google Dork 2 : intext:''Los archivos deben ser menores que 2 MB.'' site:gob.ar
# Google Dork 3 : intext:''Tipos de archivo permitidos: gif jpg jpeg png txt rtf html pdf doc docx odt ppt pptx odp xls xlsx.'' site:gob.ar
# Exploit : /?q=contacto
# Path : /sites/default/files/webform/....
# Notes => Allowed File Extensions : gif jpg jpeg png txt rtf html pdf doc docx odt ppt pptx odp xls xlsx.
#################################################################################################
# Example Site => municipalidaddeaguascalientes.gob.ar/?q=contacto [ Proof of Concept ] => archive.is/d8GHu
# Target IP Address => 186.33.254.182
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
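For site operators, an added example (not part of the original advisory or of the PaisDigital code) that audits a webform upload directory such as the `/sites/default/files/webform/` path named above against the allowlist quoted in the advisory. The function names, finding labels, signature table and markup pattern are illustrative assumptions, as is treating `html` uploads as review items because they are served from the site's own origin.

```python
import os
import re
import sys

# Extension allowlist exactly as quoted in the advisory's "Notes" line.
ALLOWED = set("gif jpg jpeg png txt rtf html pdf doc docx odt ppt pptx odp xls xlsx".split())
ZIP, OLE = (b"PK\x03\x04",), (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",)
# Leading bytes each binary format must start with (assumed signature table).
MAGIC = {"gif": (b"GIF87a", b"GIF89a"), "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
         "png": (b"\x89PNG\r\n\x1a\n",), "pdf": (b"%PDF-",), "rtf": (b"{\\rtf",),
         "docx": ZIP, "pptx": ZIP, "xlsx": ZIP, "odt": ZIP, "odp": ZIP,
         "doc": OLE, "ppt": OLE, "xls": OLE}
# Markup or server-side code that has no place in an image, document or text upload.
ACTIVE = re.compile(rb"<\s*(script|html|iframe|svg|body|meta)\b|<\?php", re.I)

def classify(name, head):
    """Return the findings for one upload, given its file name and first bytes."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    findings = []
    if ext not in ALLOWED:
        findings.append("extension-not-allowlisted")
    if ext == "html":
        findings.append("browser-renderable")  # served from the site's own origin
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        findings.append("signature-mismatch")
    if ext != "html" and ACTIVE.search(head):
        findings.append("active-markup")
    return findings

def audit(root):
    """Walk an upload directory and map relative path -> findings for flagged files."""
    report = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                found = classify(fn, fh.read(4096))
            if found:
                report[os.path.relpath(path, root)] = found
    return report

# Constructed sample uploads (name -> first bytes), used when no directory is given.
SAMPLES = {"cv.pdf": b"%PDF-1.4\n", "photo.jpg": b"<html><body>x</body></html>",
           "note.txt": b"hello", "index.html": b"<html></html>", "a.php": b"<?php ?>"}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. sites/default/files/webform under the Drupal root
        results = audit(sys.argv[1])
    else:
        results = {n: f for n, h in SAMPLES.items() if (f := classify(n, h))}
    for path, found in sorted(results.items()):
        print(path, ",".join(found))
```

Run it with the upload directory as the only argument; with no argument it classifies the constructed samples.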