Wchat - Fully Responsive PHP AJAX Chat Script 1.5 unrestricted file upload Vulnerability

CVE: (none listed)
Category: CWE-434
Price: Not specified
Severity: High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2018-07-09
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.92132
EPSSP: 0.81504


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018070101

Below is a copy:

====================================================================================================================================
| # Title     : Wchat - Fully Responsive PHP AJAX Chat Script 1.5 unrestricted file upload Vulnerability                           |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro)                                                                                        |
| # Vendor    : https://codecanyon.net/item/wchat-fully-responsive-phpajax-chat/18047319?s_rank=1327                               |  
| # Dork      : Wchat - Admin Login                                                                                                |
====================================================================================================================================


poc :


[+]  Dorking in Google or other search engine.

[+]  Create your account and go to "Edit profile"

[+]  Change Profile Picture & upload Ev!l php .

[+]  http://wchat.emarketkl.com/storage/user_image/7080487233.php


Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |
                                                                                                                                      |
=======================================================================================================================================
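
The PoC above succeeds because the profile-picture upload is stored with its `.php` extension inside the web-served `storage/user_image/` directory. The PHP handler below is an added example of the server-side checks that close this class of bug (CWE-434); it is not Wchat's code and not part of the advisory, and the function name, the `profile_image` field name, the size limit and the use of the GD extension are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical hardened handler, not Wchat's own code.
const ALLOWED_IMAGE_MIME = ['image/jpeg', 'image/png', 'image/gif'];
const MAX_IMAGE_BYTES = 2 * 1024 * 1024; // assumed limit (2 MiB)

function store_profile_image(array $file, string $destDir): string
{
    $tmp = (string) ($file['tmp_name'] ?? '');
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($tmp)) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($tmp) > MAX_IMAGE_BYTES) {
        throw new RuntimeException('file too large');
    }
    // The type is detected from the file's bytes; the client-supplied
    // file name and Content-Type are never trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!in_array($mime, ALLOWED_IMAGE_MIME, true)) {
        throw new RuntimeException('not an allowed image type');
    }
    // Decode and re-encode with GD so only pixel data is written out;
    // script text hidden in metadata or appended to the image is discarded.
    $data = file_get_contents($tmp);
    $image = $data === false ? false : @imagecreatefromstring($data);
    if ($image === false) {
        throw new RuntimeException('not a decodable image');
    }
    // The server picks both the name and the extension, so ".php" can never be stored.
    $name = bin2hex(random_bytes(16)) . '.png';
    if (!imagepng($image, rtrim($destDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store image');
    }
    return $name;
}

// Usage in the upload endpoint; 'profile_image' is an assumed form field name.
if (isset($_FILES['profile_image'])) {
    try {
        $stored = store_profile_image($_FILES['profile_image'], __DIR__ . '/storage/user_image');
        echo json_encode(['image' => $stored]);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo json_encode(['error' => $e->getMessage()]);
    }
}
```

Serving `storage/user_image/` with script execution disabled at the web server covers the case where a check in the handler is later weakened.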
