Advertisement






Laraship Form Builder 5.5 Unrestricted File Upload Vulnerability

CVE Category Price Severity
CVE-2021-28689 CWE-434 $500 High
Author Risk Exploitation Type Date
Exploit Alert Team High Remote 2018-02-15
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018020166

Below is a copy:

Laraship Form Builder 5.5 Unrestricted File Upload Vulnerability
============================================================================================================================
| # Title     : Laraship Form Builder 5.5 Unrestricted File Upload Vulnerability                                           |
| # Author    : indoushka                                                                                                  |
| # Telegram  : @indoushka                                                                                                 |
| # Tested on : Win 10 X64 /Fr(Pro)                                                                                        |
| # Vendor    : https://codecanyon.net/item/laraship-form-builder/21301038                                                 |  
| # Dork      : n/a                                                                                                        |
============================================================================================================================

poc :

[+] Login as admin .

http://formbuilder.laraship.com/login

[+] Go 2 File manager and upload your Ev!l 

http://formbuilder.laraship.com/file-manager#elf_l1_Lw

http://zone-h.org/mirror/id/30802580

Greetz :----------------------------------------------------------------------------------------
                                                                                               |
jericho * Larry W. Cashdollar * 9aylas * djroot.dz *Gjoko 'LiquidWorm' Krstic                  |
                                                                                               |
================================================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.