Justboil.ME Plugins Image Upload Vulnerability New Method

CVE: CVE-2021-23456
Category: CWE-79
Price: $500
Severity: Critical
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2019-05-10
CVSS: CVSS:4.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.74564
EPSSP: 0.894127

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019050108

Below is a copy:

Justboil.ME Plugins Image Upload Vulnerability New Method
#######################################################################
Exploit Title: Justboil.ME Plugins Image Upload Vulnerability New Method
Author: L4663r666h05t
Tested On: Windows 10 x64
Vendor: http://justboil.me/
Dork: inurl:/plugins/justboil.me/ site:
Date: 9 May 2019
#######################################################################

Exploit File: dialog-v4.htm
Dorking in Google or another search engine (Bing, Yahoo, DuckDuckGo)

YOU NEED TO REGISTER FIRST

Demo:
https://jurnal.stmik.banisaleh.ac.id/plugins/generic/tinymce/plugins/justboil.me/dialog-v4.htm
http://journal.gunabangsa.ac.id/plugins/generic/tinymce/plugins/justboil.me/dialog-v4.htm

Path Images/Shell:
http://localhost/public/site/images/[user name]/shell.png (IF YOU NEED TO REGISTER FIRST)

Note:
This proof of concept is the same as the JBImages one, only with a different plugin name, but you need to register first; sometimes there is no need to register.

Impact:
An attacker is allowed to upload an image.

Thanks To: All Indonesian Hackers
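
A defender-side check built on the paths this advisory names, added here as an example that is not part of the original advisory or the plugin's code: it audits a local copy of a web root for justboil.me dialog pages and for files under public/site/images that are not genuine images. The function names, the magic-byte table, the script markers and the sample tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading bytes of the image types an image-upload dialog should accept.
IMAGE_MAGIC = {".png": (b"\x89PNG\r\n\x1a\n",), ".jpg": (b"\xff\xd8\xff",),
               ".jpeg": (b"\xff\xd8\xff",), ".gif": (b"GIF87a", b"GIF89a")}
# Assumed, non-exhaustive markers of script content hidden in an upload.
SCRIPT_MARKERS = (b"<?php", b"<script")


def find_plugin_dialogs(web_root):
    """Return justboil.me dialog pages (such as dialog-v4.htm) under web_root."""
    hits = Path(web_root).glob("**/justboil.me/dialog*")
    return sorted(p.relative_to(web_root).as_posix() for p in hits if p.is_file())


def audit_uploads(images_dir):
    """Return (relative path, reason) for uploads that are not genuine images."""
    findings = []
    for path in sorted(Path(images_dir).rglob("*")):
        if not path.is_file():
            continue
        with path.open("rb") as fh:
            data = fh.read(65536)  # header plus enough body to spot markers
        magic = IMAGE_MAGIC.get(path.suffix.lower())
        if magic is None:
            reason = "extension is not an image type"
        elif not data.startswith(magic):
            reason = "content does not match extension"
        elif any(marker in data.lower() for marker in SCRIPT_MARKERS):
            reason = "script marker inside image data"
        else:
            continue
        findings.append((path.relative_to(images_dir).as_posix(), reason))
    return findings


def make_constructed_tree():
    """Build a constructed sample web root in a temp dir (not real site data)."""
    root = Path(tempfile.mkdtemp())
    plugin = root / "plugins/generic/tinymce/plugins/justboil.me"
    images = root / "public/site/images/user1"
    plugin.mkdir(parents=True)
    images.mkdir(parents=True)
    (plugin / "dialog-v4.htm").touch()
    (images / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)
    (images / "shell.png").write_bytes(b"<?php /* constructed placeholder */ ?>")
    (images / "poly.gif").write_bytes(b"GIF89a<?php /* constructed placeholder */ ?>")
    return str(root)
```

Any path returned by `find_plugin_dialogs` means the upload dialog is still deployed, and each `audit_uploads` finding is a file to review by hand.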
