Avsarsoft Matbaa Script Cross Site Scripting / Shell Upload

2015.04.24
Credit: ZoRLu
Risk: High
Local: No
Remote: Yes
CVE: N/A

#Title     : Avsarsoft Matbaa Script - Multiple Vulnerabilities
#Author    : ZoRLu / zorlu@milw00rm.com
#Website   : milw00rm.com / milw00rm.net / milw00rm.org
#Twitter   : https://twitter.com/milw00rm or @milw00rm
#Test      : Windows7 Ultimate
#Discovery : 15/04/15
#Publish   : 23/04/15
#Thks      : exploit-db.com, packetstormsecurity.com, securityfocus.com, sebug.net, cxsecurity.com and others
#BkiAdam   : Dr.Ly0n, KnocKout, LifeSteaLeR, Nicx
#Demo      : http://avsarsoft.com/matbaa/
#Demo User : sop08574@qisdo.com
#Demo Pass : 123456

1) Remote File Upload Vulnerability

Go here:

localhost/path/index.php?Git=KartvizitTasarla
localhost/path/index.php?Git=BrosurTasarla
localhost/path/index.php?Git=DavetiyeTasarla

Then click "Resim Ekle", select your PHP file and wait for the upload.

Then go here for your PHP file:

localhost/path/upload/file.php

2) Multiple XSS Vulnerabilities

Register on the site:

localhost/path/index.php?Git=UyeOl

Then log in:

localhost/path/index.php?Git=Uyelik

Then go here and add your XSS code:

localhost/path/index.php?Git=KontrolPaneli&Sayfa=KisiselBilgilerim
localhost/path/index.php?Git=KontrolPaneli&Sayfa=AdresBilgilerim
localhost/path/index.php?Git=KontrolPaneli&Sayfa=Yorumlar
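Both issues come down to input handling: the "Resim Ekle" upload accepts a PHP file and serves it from upload/, and the member panel pages echo stored fields without encoding. The following is an added example of the corresponding server-side checks, not part of the advisory and not Avsarsoft code; the names store_uploaded_image(), e() and $storageDir are hypothetical, and it assumes PHP 7 or later with the fileinfo extension.

```php
<?php
// Added example (not Avsarsoft code). Function names and $storageDir are
// hypothetical. Assumes $storageDir is outside the web root, or is a
// directory where the web server is configured not to execute scripts.

const ALLOWED_IMAGE_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_UPLOAD_BYTES = 2097152; // 2 MiB, an arbitrary example limit

/**
 * Validate one entry from $_FILES and store it under a server-chosen name.
 * Returns the stored file name; throws RuntimeException on rejection.
 */
function store_uploaded_image(array $file, string $storageDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('File too large');
    }
    // Decide the type from the file content, never from the client-supplied
    // file name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED_IMAGE_TYPES[$mime] ?? null) : null;
    if ($ext === null || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an allowed image type');
    }
    // Server-generated name with an allow-listed extension: the original
    // name ("file.php") is discarded, so it is never reachable as a script.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], rtrim($storageDir, '/') . '/' . $name)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

/** Encode a stored profile or comment value for HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
```

Content sniffing alone does not stop a file that is both a valid image and contains script text, which is why the generated extension and the non-executable storage location carry the guarantee.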


Copyright 2021, cxsecurity.com

 
