Drupal PaisDigital ArgentinaGov Municipality ContactForm Arbitrary File Upload Vulnerability

CVE Category Price Severity
CWE-287 Not specified High
Author Risk Exploitation Type Date
Exploit Alert Team High Remote 2018-06-02
CPE
cpe:cpe:/a:drupal:paisdigital:arbitrary_file_upload_vulnerability
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018060021

Below is a copy:

Drupal PaisDigital ArgentinaGov Municipality ContactForm Arbitrary File Upload Vulnerability
#################################################################################################

# Exploit Title : Drupal PaisDigital ArgentinaGov Municipality ContactForm Arbitrary File Upload Vulnerability
# Author [ Discovered By ] : KingSkrupellos 
# Date : 01/06/2018
# Vendor Homepage : argentina.gob.ar/paisdigital
# Tested On : Windows
# Exploit Risk : High

#################################################################################################

# Google Dork 1 : inurl:''/?q=contacto'' site:gob.ar

# Google Dork 2 : intext:''Los archivos deben ser menores que 2 MB.'' site:gob.ar

# Google Dork 3 : intext:''Tipos de archivo permitidos: gif jpg jpeg png txt rtf html pdf doc docx odt ppt pptx odp xls xlsx.'' site:gob.ar

# Exploit : /?q=contacto

# Path : /sites/default/files/webform/....

# Notes => Allowed File Extensions : gif jpg jpeg png txt rtf html pdf doc docx odt ppt pptx odp xls xlsx.

#################################################################################################

# Example Site =>  municipalidaddeaguascalientes.gob.ar/?q=contacto [ Proof of Concept ] => archive.is/d8GHu

# Target IP Address => 186.33.254.182

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################
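Added example, not part of the advisory or of the affected site's code: a defender-side audit of the webform upload directory named in the advisory's Path line, checked against the allow-list from its Notes line. The set of browser-active extensions, the content markers and the sample files are assumptions constructed for illustration; the advisory itself does not say which file type was abused.

```python
import tempfile
from pathlib import Path

# Allow-list quoted in the advisory's "Notes" line.
ALLOWED = set("gif jpg jpeg png txt rtf html pdf doc docx odt "
              "ppt pptx odp xls xlsx".split())
# Assumption: extensions a browser renders as active content from the site's origin.
ACTIVE_EXT = {"html", "htm", "xhtml", "svg"}
# Assumption: byte markers that indicate markup hidden in another file type.
MARKERS = (b"<script", b"<html", b"<iframe", b"<svg")

def audit_file(path):
    """Return the list of findings for one uploaded file (empty if clean)."""
    findings = []
    ext = path.suffix.lower().lstrip(".")
    if ext not in ALLOWED:
        findings.append("extension-not-allowed")
    if ext in ACTIVE_EXT:
        findings.append("browser-active-extension")
    else:
        # Content sniffing: an image or document should not start with markup.
        with path.open("rb") as fh:
            head = fh.read(4096).lower()
        if any(marker in head for marker in MARKERS):
            findings.append("markup-in-non-markup-file")
    return findings

def audit_tree(root):
    """Walk an upload directory and map relative path -> findings."""
    root = Path(root)
    results = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            findings = audit_file(p)
            if findings:
                results[p.relative_to(root).as_posix()] = findings
    return results

def build_sample(base):
    """Constructed sample tree mirroring the path given in the advisory."""
    d = Path(base) / "sites" / "default" / "files" / "webform"
    d.mkdir(parents=True)
    (d / "consulta.pdf").write_bytes(b"%PDF-1.4\nconstructed sample\n")
    (d / "nota.html").write_bytes(b"<html><body>constructed</body></html>")
    (d / "foto.jpg").write_bytes(b"\xff\xd8\xff\xe0<script>0</script>")
    (d / "extra.svg").write_bytes(b"<svg xmlns='http://www.w3.org/2000/svg'/>")
    return d

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, findings in audit_tree(build_sample(tmp)).items():
            print(name, ",".join(findings))
```

Note that `nota.html` is flagged even though `html` is on the form's allow-list: the allow-list itself permits a type that a browser renders as active content from the site's origin.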
