Pendaftaran Kontributor Indonesian sites BUG File Upload Vulnerability + Add Berita

CVE: N/A
Category: CWE-434
Price: Not disclosed
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2019-06-10
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019060050

Below is a copy:

Pendaftaran Kontributor Indonesian sites BUG File Upload Vulnerability + Add Berita
[+]Exploit Title: Pendaftaran Kontributor Indonesian sites BUG File Upload Vulnerability + Add Berita Vulnerability
[+]Author: Negat1ve - [email protected]
[+]Team: -1 and Electronic Thunderbolt Team
[+]Google Dork: inurl:kontributor
[+]Allowed File: gif, jpg, png, jpeg
[+]Tested on: Windows 10 x64
=======================================
[+]Proof Of Concept:

Find a website with the dork above.
The vulnerability is in the "Foto" upload field, which is meant to allow only gif, jpg, png and jpeg files.

You can register with any data; no real e-mail address is needed because there is no verification. The extension check on the "Foto" field of the upload form can be bypassed.

Once registration succeeds you are redirected to https://site.com/administrator/home
Not every menu is shown there, but the "Berita" menu is visible: you can add Berita (news) there, or upload your files via Edit Profile.

Proof:
1. Example site: http://kaltara.bawaslu.go.id/kontributor
2. Fill in the whole form; I put lover.jpg in the "Foto" field.
3. Your file ends up at http://kaltara.bawaslu.go.id/asset/foto_user/loser.jpg
4. You are redirected to http://kaltara.bawaslu.go.id/administrator/home
5. You can add news (berita) at http://kaltara.bawaslu.go.id/administrator/listberita
6. You can upload your files at http://kaltara.bawaslu.go.id/administrator/edit_manajemenuser/Dashaaaa

NB: Bypassing the file extension check is possible; I tried uploading a PHP mini shell and it worked.
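The root cause (CWE-434) is that the "Foto" handler trusts the file name and extension the client sends and stores the file under a web-served, PHP-executing directory. The server-side validation that such a form needs, as an added example written for this advisory rather than code from any of the affected sites (the function names, UploadRejected and the sample bytes are constructed):

```python
import os
import secrets

# Allow-list taken from the advisory: the "Foto" field is meant to accept only images.
ALLOWED_EXTENSIONS = {"gif", "jpg", "jpeg", "png"}

# Leading magic bytes for each allowed format. Checking content, not just the
# name, is what the vulnerable form lacks.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
}


class UploadRejected(ValueError):
    """Raised when an upload fails any server-side check."""


def validate_image_upload(client_name: str, data: bytes) -> str:
    """Return a safe server-side file name for `data`, or raise UploadRejected.

    Checks: the extension after the *last* dot is on the allow-list (so
    'shell.php.jpg' is treated as jpg and must carry JPEG bytes), the content
    starts with that format's magic bytes, no PHP open tag is embedded in the
    body (image/PHP polyglot), and the stored name is random so nothing the
    client supplied reaches the filesystem. Store the result in a directory
    the web server does not execute scripts from.
    """
    base = os.path.basename(client_name)  # drop any path components
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    if not any(data.startswith(m) for m in MAGIC[ext]):
        raise UploadRejected(f"content does not look like {ext}")
    if b"<?php" in data or b"<?=" in data:
        raise UploadRejected("PHP open tag embedded in image data")
    return f"{secrets.token_hex(16)}.{ext}"


def is_accepted(client_name: str, data: bytes) -> bool:
    """Convenience wrapper: True if the upload passes every check."""
    try:
        validate_image_upload(client_name, data)
    except UploadRejected:
        return False
    return True
```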


Demo sites:

Tons of websites can be found with the dork.

Copyright ©2024 Exploitalert.
