Turkish Meb.Gov.tr Subdomains Upload File Vulnerability

2018.03.26
tr God3err (TR) tr
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: site:meb.gov.tr intext:/ucretliogretmenlik/

Turkish Meb.Gov.tr Subdomains Upload File Vulnerability ------------------------------------------------------------- Version One : Step 1 Open the page and sign up random turkish citizenship number Step 2 Rename index.html to index.jpg,index.jpg.html Step 3 Click upload button and select index file Success E.g : http://sisli.meb.gov.tr/ucretliogretmenlik/ http://silivri.meb.gov.tr/ucretliogretmenlik/ Version Two : Step 1 Open the page and click "2017-2018 Eğitim-Öğretim Yılı Ücretli Öğretmenlik Başvuru Formu" Step 2 sign up random turkish citizenship number,name... Step 3 Click upload button and select index file (index.html,index.jpg.html,index.jpg etc.) Success E.g : http://sultangazi.ucretliogretmen.xyz/basvuru/sgbasvuru2017.php http://arnavutkoy.ucretliogretmen.xyz/basvuru/abasvuru2017.php ☭ God3err ☭


See this note in RAW Version
Vote for this issue:
55%
45%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top