Advertisement






Разработка сайта Artonica Russia Unauthorized File Insertion

CVE Category Price Severity
CVE-2021-38167 CWE-264 Not disclosed High
Author Risk Exploitation Type Date
Unknown High Remote 2019-05-23
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019050265

Below is a copy:

Artonica Russia Unauthorized File Insertion
####################################################################

# Exploit Title :   Artonica Russia Unauthorized File Insertion
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 21/05/2019
# Vendor Homepage : artonica.ru
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext: : Artonica site:ru
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Description About Software :
*****************************
Artonica is a Web Design and Development Company in Russia.

####################################################################

# Impact :
***********
Artonica is prone to a vulnerability that lets attackers 
upload arbitrary files because it fails to adequately sanitize user-supplied input. 

An attacker can exploit this vulnerability to upload arbitrary code and execute
it in the context of the webserver process. This may facilitate unauthorized access 
or privilege escalation; other attacks are also possible.

####################################################################

# Arbitrary File Upload / Unauthorized File Insert Exploit :
**************************************************
/common/admin/vendor/fckeditor/editor/filemanager/connectors/uploadtest.html

Select the "File Uploader" to use:  Resource Type : PHP

Directory File Path :
******************
/common/upload/[YOURFILENAME].txt .jpg .gif .png

####################################################################

# Example Vulnerable Sites :
************************
[+] afrocom.ru/common/admin/vendor/fckeditor/editor/filemanager/connectors/uploadtest.html

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

####################################################################

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum