Nuked Klan CMS 1.8 File Upload

2017.01.11
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

*=============================================================|
| Exploit Title: CMS_Nuked-Klan File Upload Vulnerability
| Exploit Author: Ashiyane Digital Security Team
| Vendor HomePage: https://github.com/Nuked-Klan/CMS_Nuked-Klan
| Download Link: https://github.com/Nuked-Klan/CMS_Nuked-Klan/archive/develop_1.8.zip
| Version: V 1.8
| Dork: index of:"filemanager/dialog.php"
| Tested on: Kali Linux
| Date: 1 /3 / 2017
*=============================================================|
| Vulnerability Path: http://127.0.0.1/CMS_Nuked-Klan-develop_1.8/media/tinymce/plugins/filemanager/dialog.php
| Vulnerability Path: http://127.0.0.1/6/CMS_Nuked-Klan-develop_1.8/media/filemanager/dialog.php
| Vulnerability Method: GET
*===========================|
| Proof:
|
| http://arksun.com/plugins/tinymce/filemanager/dialog.php
| https://www.mygolfballdrop.com/static/plugins/filemanager/dialog.php
| http://www.globalasset-group.com/wwwassets/libraries/filemanager/dialog.php
| http://www.gracegospelcommission.org/filemanager/dialog.php
| http://www.visiun.fr/lib/filemanager/dialog.php
*===========================|
| Vulnerability description:
*===========================|
| This page allows visitors to upload files to the server.
| Various web applications allow users to upload files (such as images, html, ...).
| Uploaded files may pose a significant risk if not handled correctly.
| A remote attacker could send a multipart/form-data POST request
| with a specially-crafted filename or mime type and execute arbitrary code.
*=============================================================|
| Discovered By: M.R.S.L.Y
*=============================================================|
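The description above names two request fields an upload handler must not trust: the filename and the MIME type. The following is an added example, not code from the advisory or from Nuked-Klan, of a server-side check that ignores both and decides from the file content instead. The image-only policy and the names validate_upload and sniff_type are assumptions made for this illustration.

```python
import os
import secrets

# Assumed policy for this example: images only, identified by magic bytes.
MAGIC = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
EXT_ALIASES = {"jpeg": "jpg"}


def sniff_type(data: bytes):
    """Return the image type implied by the leading bytes, or None."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return None


def validate_upload(filename: str, client_mime: str, data: bytes):
    """Return (ok, stored_name_or_reason).

    client_mime is accepted only to show that it is never consulted:
    it is request data and can be set to anything by the sender.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or "\x00" in filename:
        return False, "path components or NUL byte in filename"
    # Exactly one extension: rejects shell.php.png, .htaccess, name.php.
    parts = base.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return False, "filename must be name.ext with one extension"
    ext = EXT_ALIASES.get(parts[1], parts[1])
    kind = sniff_type(data)
    if kind is None:
        return False, "content is not an allowed image type"
    if ext != kind:
        return False, "extension does not match content"
    # Server-chosen name: nothing from the request reaches the filesystem.
    return True, f"{secrets.token_hex(16)}.{kind}"
```

A magic-byte check does not stop a valid image that also carries script text, so the stored file should still live in a directory the web server never executes from, and the upload page itself should require an authenticated session.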


Copyright 2017, cxsecurity.com

 
