Avsarsoft Matbaa Script Cross Site Scripting / Shell Upload

2015.04.24

Credit: ZoRLu

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79
CWE-264

#Title		: Avsarsoft Matbaa Script - Multiple Vulnerabilities
#Author		: ZoRLu / zorlu@milw00rm.com
#Website	: milw00rm.com / milw00rm.net / milw00rm.org
#Twitter	: https://twitter.com/milw00rm or @milw00rm
#Test		: Windows7 Ultimate
#Discovery	: 15/04/15
#Publish    : 23/04/15
#Thks		: exploit-db.com, packetstormsecurity.com, securityfocus.com, sebug.net, cxsecurity.com and others
#BkiAdam	: Dr.Ly0n, KnocKout, LifeSteaLeR, Nicx
#Demo       : http://avsarsoft.com/matbaa/
#Demo User  : sop08574@qisdo.com
#Demo Pass  : 123456

1) Remote File Upload Vulnerability

you go here:

localhost/path/index.php?Git=KartvizitTasarla

localhost/path//index.php?Git=BrosurTasarla

localhost/path/index.php?Git=DavetiyeTasarla

after click to "Resim Ekle"

select your php file and wait for upload

after go here for you php file

localhost/path/upload/file.php

1) Multiple XSS Vulnerabilities

register to site 

localhost/path/index.php?Git=UyeOl

after login

localhost/path/index.php?Git=Uyelik

after go here and add your xss code

localhost/path/index.php?Git=KontrolPaneli&Sayfa=KisiselBilgilerim

localhost/path/index.php?Git=KontrolPaneli&Sayfa=AdresBilgilerim

localhost/path/index.php?Git=KontrolPaneli&Sayfa=Yorumlar

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Avsarsoft Matbaa Script Cross Site Scripting / Shell Upload

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.