Nuked Klan CMS 1.8 File Upload

Published: 2017.01.11
Credit: Ashiyane Digital Security Team
Risk: High
CWE: CWE-264
CVE: N/A
Local: No
Remote: Yes
Dork: index of:"filemanager/dialog.php"


*=============================================================|
| Exploit Title: CMS_Nuked-Klan File Upload Vulnerability
|
| Exploit Author: Ashiyane Digital Security Team
|
| Vendor HomePage: https://github.com/Nuked-Klan/CMS_Nuked-Klan
|
| Download Link: https://github.com/Nuked-Klan/CMS_Nuked-Klan/archive/develop_1.8.zip
|
| Version: V 1.8
|
| Dork: index of:"filemanager/dialog.php"
|
| Tested on: Kali Linux
|
| Date: 1/3/2017
*=============================================================|
| Vulnerability Path: http://127.0.0.1/CMS_Nuked-Klan-develop_1.8/media/tinymce/plugins/filemanager/dialog.php
| Vulnerability Path: http://127.0.0.1/6/CMS_Nuked-Klan-develop_1.8/media/filemanager/dialog.php
| Vulnerability Method: GET
*===========================|
| Proof:
|
*===========================|
| Vulnerability description:
*===========================|
| This page allows visitors to upload files to the server.
| Various web applications allow users to upload files (such as images, html, ...).
| Uploaded files may pose a significant risk if not handled correctly.
| A remote attacker could send a multipart/form-data POST request
| with a specially-crafted filename or mime type and execute arbitrary code.
*=============================================================|
| Discovered By: M.R.S.L.Y
*=============================================================|
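
Added example, not part of the original advisory and not code from Nuked-Klan or the file manager plugin: a server-side upload handler that closes the two inputs the description names (client-supplied filename and MIME type) and refuses anonymous visitors. The session key `is_admin`, the form field `file`, the size limit and the storage path are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Allowlist: final extension => MIME type the file content must actually have.
const ALLOWED_TYPES = [
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
];
const MAX_BYTES = 2 * 1024 * 1024; // assumed limit

// Validate one $_FILES entry and store it under a server-chosen name.
function store_upload(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an HTTP upload');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('file size out of range');
    }
    // The client-supplied name is read only for its final extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException('extension not allowed');
    }
    // $file['type'] is client-controlled and ignored; inspect the content.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($file['tmp_name']) !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-generated name: nothing from the request reaches the path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $destDir . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Caller: authenticated users only (hypothetical session key and path).
session_start();
if (empty($_SESSION['is_admin'])) {
    http_response_code(403);
    exit;
}
try {
    echo store_upload($_FILES['file'] ?? [], '/srv/uploads');
} catch (RuntimeException $e) {
    http_response_code(400);
}
```

An image that carries embedded script text still passes the content check, so the protection against execution comes from the fixed allowlisted extension and from keeping the storage directory outside the web root or configured so the web server never runs scripts from it.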



Copyright 2017, cxsecurity.com