Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-23456 | CWE-79 | $500 | Critical |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2019-05-10 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.74564 | 0.894127 |
####################################################################### Exploit Title: Justboil.ME Plugins Image Upload Vulnerability New Method Author: L4663r666h05t Tested On: Windows 10 x64 Vendor: http://justboil.me/ Dork: inurl:/plugins/justboil.me/ site: Date: 9 May 2019 ####################################################################### Exploit File: dialog-v4.htm Dorking in google or another search engine (Bing,Yahoo,DuckDuckGO ) YOU NEED TO REGISTER FIRST Demo: https://jurnal.stmik.banisaleh.ac.id/plugins/generic/tinymce/plugins/justboil.me/dialog-v4.htm http://journal.gunabangsa.ac.id/plugins/generic/tinymce/plugins/justboil.me/dialog-v4.htm Path Images/Shell: http://localhost/public/site/images/[user name]/shell.png ( IF YOU NEED TO REGISTER FIRST ) Note: This proof of concept same with JBImages only the different plugin name but need to register first, sometimes no need register. Impact: An attacker allow to upload an image. Thanks To: All Indonesian Hackers
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.