Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-434 | $500 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2022-07-09 |
### # Title : Exploit mktba 4.2 Arbitrary File Upload # Author : Dz MinD Injector # Home : Algeria 23000 d^_^b # FaCeb0ok : https://www.facebook.com/Dz.MinD.Injector # Type : proof of concept # Tested on : Windows 10 # Date : 09/07/2022 ### I'm Back : ) # Description: An attacker can access the upload function of the application without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions # PoC: Easy linke : http://127.0.0.1/upload.php you can use Burpsuite or tamperdata to bypass jpg to php shell Enjoy : ) # Proof and Exploit: http://islami.eb2a.com/upload/aln3esa-1657397278.jpg http://alajmh.com/mktba/quraan2/mp3/aln3esa-1657397316.jpg http://ashry.freetzi.com/upload/aln3esa-1657397801.jpg [+] FinD More Traget In google = )
Copyright ©2024 Exploitalert.