Coolred File Manipulation vulnerability

2018.01.12

The_Ripper (DE)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

[-] Exploit title : Coolred File Manipulation vulnerability
[-] Software dl : https://github.com/Coolred/WebApps
[-] Category : Webapps
[-] Author : The_Ripper
[-] Dork : N/A
[-] Tested on : Win XP
[-] Telegram : @The_Ripper
======================================
Vulnerable page :

[-] http://localhost/coolred/SimplyBank/demo/runPerso.php
======================================
Vulnerable source :

line14 >> fwrite fwrite($handle, $script_input); 
line13 >> $handle = fopen($tmpfname, "w"); 
line12 >> $tmpfname = tempnam(getcwd(), "script"); 
line10 >> $script_input = $_POST['script'];
 Require :
line9 >>  if(isset($_POST['script']))
======================================
As you can see the source code requires $_POST['script']
so you just need to identify an amount for the $_POST['script']
Enjoy ....

References:

https://github.com/Coolred/WebApps

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Coolred File Manipulation vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.