Below is a copy: Client Manager Pro v2.5.1 WebShell Upload
# Title: Client Manager Pro v2.5.1 WebShell Upload
# Author: QUIXSS
# Date: 2019-04-17
# Software: Client Manager Pro v2.5.1
# Technical Details & Description:
# Weak file upload filtering has been discovered in the Client Manager Pro web-application. Current version of this web-application is 2.5.1.
# Demo Website:
# https://codecanyon.net/item/client-manager-pro/21701321
# http://crm.clustercoding.com/demo/
# Login: [email protected], Password: demo
# PoC Upload:
# http://crm.clustercoding.com/demo/public/uploaded_files/1555552176.php
# PoC [WebShell Upload]:
# Authorize on the demo website for tests: http://crm.clustercoding.com/demo/, login is [email protected] and passowrd is demo. There is two ways how we allowed to upload any .PHP file we want.
# The first one is via File Upload page ( http://crm.clustercoding.com/demo/folders ), add new folder or use any existed, it doesn't matter. Press the Add File button and fill in the form. .PHP file type is not allowed to upload, so change file type from .PHP to .PHP5 and upload your WebShell or other .PHP file u want. After successful upload your file will be on this directory waiting for your commands: http://crm.clustercoding.com/demo/public/uploaded_files/
# The second one is via users profile page, works for admin account and basic user accounts ( http://crm.clustercoding.com/demo/profile/user-profile ): choose as Profile Picture your .PHP5 file (change file type of your WebShell from .PHP to .PHP5) and press the Update Profile button, then inspect profile picture. Your uploaded file will be here -> http://crm.clustercoding.com/demo/public/profile_picture/
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum