CMS Saudi Softech Arbitrary File Upload

2017.12.29
Kyu_Kazami (ID)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#Exploit Title : CMS SAUDI SOFTECH Arbitrary File Upload
#Author : Kyu_Kazami
#Google Dork : intext:"DESIGNED BY: SAUDI SOFTECH (MST)"
#Exploit : panel/php/connector.php
#Vendor Home Page : https://www.saudisoftech.com/
#Tested On : Windows 7

1. Description
This bug allows an attacker to upload any file via connector.php.

2. Proof of concept
https://pastebin.com/wcpevk2w <- download and upload to your localhost or web shell
localhost/panel/php/connector.php
Go to auto exploit, put it in the box and click hajar.
Your file will be at localhost/panel/files/yourfile

3. Solution
Change your CMS.
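A defender-side check for the behaviour described above, as an added example that is not part of the original advisory: it scans web-server access logs (Combined Log Format assumed) for POSTs to panel/php/connector.php and for requests to script files under panel/files/. The sample log lines, the script-extension list and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Paths come from the advisory; the extension list is an assumption.
CONNECTOR = "/panel/php/connector.php"
UPLOAD_DIR = "/panel/files/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|asp|aspx|jsp|cgi|pl)$")

# Combined Log Format: ip - - [ts] "METHOD path HTTP/x" status size
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Dec/2017:10:00:01 +0000] "POST /panel/php/connector.php HTTP/1.1" 200 312',
    '203.0.113.7 - - [29/Dec/2017:10:00:09 +0000] "GET /panel/files/report.PHP HTTP/1.1" 200 58',
    '198.51.100.4 - - [29/Dec/2017:10:02:00 +0000] "GET /panel/files/logo.png HTTP/1.1" 200 9123',
    '198.51.100.9 - - [29/Dec/2017:10:03:00 +0000] "GET /panel/files/old.phtml HTTP/1.1" 404 0',
]

def find_upload_abuse(lines):
    """Return requests for script files under the upload directory.
    'correlated' is True when the same client POSTed to the connector earlier."""
    posted = defaultdict(list)  # client ip -> timestamps of connector POSTs
    findings = []
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # skip lines that are not in the expected format
        path = unquote(m["path"].split("?", 1)[0])
        lowered = path.lower()  # Windows hosts serve paths case-insensitively
        if m["method"] == "POST" and lowered == CONNECTOR:
            posted[m["ip"]].append(m["ts"])
        elif lowered.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(lowered):
            findings.append({
                "ip": m["ip"], "ts": m["ts"], "path": path,
                "status": int(m["status"]),
                "correlated": bool(posted[m["ip"]]),
            })
    return findings

if __name__ == "__main__":
    for f in find_upload_abuse(SAMPLE_LOG):
        print(f)
```

A correlated finding with status 200 is the strongest signal; uncorrelated hits or 404s still indicate someone probing the upload directory.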


Copyright 2024, cxsecurity.com

 
