Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-434 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2019-06-28 |
/*! * ::- Title: Online Lawyer Booking Solutions - GOCOURT v1.0 WebShell Upload * ::- Author: m0ze * ::- Date: 2019/05/01 * ::- Software: Online Lawyer Booking Solutions - GOCOURT v1.0 */ ::- Details & Description -:: ~ WebShell upload capability was discovered in the Online Lawyer Booking Solutions - GOCOURT. Current version of this web-application is 1.0. ::- Demo Website -:: ~ https://codecanyon.net/item/gocourt-find-a-lawyer/17787763 ~ Frontend: http://demo.gocourt.in ~ Backend: http://demo.gocourt.in/admin ~ Login / Password: admin / admin ::- Special Note -:: ~ Stored XSS Injections is possible too, but it's not really interesting. ::- Google Dork -:: ~ - ::- PoC Links -:: ~ http://demo.gocourt.in/admin/uploads/ ~ http://demo.gocourt.in/admin/uploads/up-up.php ~ http://demo.gocourt.in/admin/uploads/up-dir.php ~ http://demo.gocourt.in/admin/images/user-image.php ::- PoC [WebShell Upload] -:: ~ Go to the demo website http://demo.gocourt.in/admin and log in with provided credentials (admin / admin). Then go to the: 1 - Edit Profile page http://demo.gocourt.in/admin/welcome/editprofile_view and use the Display Image field for .php file upload; 2 - Webinfo Details page http://demo.gocourt.in/admin/Settings/index and use the Logo field for .php file upload; 3 - View Customers Details page http://demo.gocourt.in/admin/Customer_Controller/index and use the Professional Photograph field for .php file upload (create a new profile or edit any existed).
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.