Drupal 7 ItalianGov Fi.it Scrivi Al Comune Arbitrary File Upload Vulnerability

CVE: N/A
Category: CWE-287
Price: Not specified
Severity: High
Author: ItalianGov Fi - IT
Risk: High
Exploitation Type: Remote
Date: 2018-06-22
CVSS: CVSS:4.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0
EPSSP: 0

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018060240

Below is a copy:

Drupal 7 ItalianGov Fi.it Scrivi Al Comune Arbitrary File Upload Vulnerability
#################################################################################################

# Exploit Title : Drupal 7 jQuery ItalianGov Fi.it Scrivi Al Comune Arbitrary File Upload Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 22/06/2018
# Vendor Homepage : regione.toscana.it - jquery.com
# Tested On : Windows
# Version : 7
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-287 [ Improper Authentication ] + CWE-284 [ Improper Access Control ]

#################################################################################################

# Google Dorks : 

intext:''Scrivi al Comune'' site:fi.it

Il testo del tuo messaggio * site:fi.it

# Exploits : 

/scrivi-al-comune
/scrivi-al-comune-0
/segnalazioni-e-reclami-0
/scrivi-al-sindaco-0
/node/19

# Path : /sites/www.comune.DOMAINADDRESS.fi.it/files/webform/.....

# Note => Allowed File Extensions : gif jpg png tif txt rtf odf pdf doc docx xls xlsx.

# Don't forget to put www. before comune. on the URL Address bar.

#################################################################################################

# Example Sites and Target IP  =>  159.213.236.225

[ Proof of Concept for Vulnerability and Exploit ] => archive.is/zUN5z - archive.is/3IMxH

################################################################################################

Reference Topic Link [ It belongs to me ] => cyberizm.org/cyberizm-drupal-7-jquery-italia-fi-it-scrivi-al-comune-exploit.html

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################
