Drupal 7 ItalianGov Fi.it Scrivi Al Comune Arbitrary File Upload Vulnerability

2018.06.22
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

#################################################################################################
# Exploit Title : Drupal 7 jQuery ItalianGov Fi.it Scrivi Al Comune Arbitrary File Upload Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 22/06/2018
# Vendor Homepage : regione.toscana.it - jquery.com
# Tested On : Windows
# Version : 7
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-287 [ Improper Authentication ] + CWE-284 [ Improper Access Control ]
#################################################################################################
# Google Dorks :
intext:''Scrivi al Comune'' site:fi.it
Il testo del tuo messaggio * site:fi.it
# Exploits :
/scrivi-al-comune
/scrivi-al-comune-0
/segnalazioni-e-reclami-0
/scrivi-al-sindaco-0
/node/19
# Path : /sites/www.comune.DOMAINADDRESS.fi.it/files/webform/.....
# Note => Allowed File Extensions : gif jpg png tif txt rtf odf pdf doc docx xls xlsx.
# Don't forget to put www. before comune. on the URL Address bar.
#################################################################################################
# Example Sites and Target IP => 159.213.236.225
[ Proof of Concept for Vulnerability and Exploit ] => archive.is/zUN5z - archive.is/3IMxH
comune.vicchio.fi.it/segnalazioni-e-reclami-0
comunebarberino.it/scrivi-al-comune
comune.borgo-san-lorenzo.fi.it/scrivi-al-comune-0
comune.bagno-a-ripoli.fi.it/scrivi-al-sindaco-0
comune.rignano-sullarno.fi.it/scrivi-al-comune
comune.pontassieve.fi.it/scrivi-al-comune-0
comune.marradi.fi.it/scrivi-al-comune
comune.dicomano.fi.it/scrivi-al-comune-0
comune.reggello.fi.it/scrivi-al-comune-0
comune.palazzuolo-sul-senio.fi.it/scrivi-al-comune
comune.scarperiaesanpiero.fi.it/scrivi-al-comune
comune.provagliodiseo.bs.it/node/19
comune.terni.it/scrivi-al-comune
################################################################################################
Reference Topic Link [ It belongs to me ] => cyberizm.org/cyberizm-drupal-7-jquery-italia-fi-it-scrivi-al-comune-exploit.html
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
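The advisory's point is that an unauthenticated contact form accepts file uploads and stores them under a predictable public path, with only an extension list standing between the site and arbitrary content. The following is an added defensive example, not code from the advisory, from Drupal or from the affected sites: a server-side upload check that enforces the extension allowlist the advisory reports, rejects double extensions, verifies that the file's leading bytes actually match the claimed type, and assigns a random storage name so uploaded files are not reachable at an attacker-chosen path. The function names, the magic-byte table and the sample inputs are my own assumptions; the allowlist is the one quoted in the advisory.

```python
"""Upload validation for a public web form (added example, not the advisory's code).

Assumptions (not from the advisory): the form handler hands us the client-supplied
filename and the first few hundred bytes of the upload. The extension allowlist is
the one the advisory reports for the affected "Scrivi al Comune" webform.
"""
import os
import secrets

# Extension allowlist as reported in the advisory.
ALLOWED_EXTENSIONS = {
    "gif", "jpg", "png", "tif", "txt", "rtf", "odf", "pdf", "doc", "docx", "xls", "xlsx",
}

# Leading bytes ("magic numbers") for the binary types in the allowlist, taken from
# the public file-format specifications. "txt" has no signature and is handled
# separately. doc/xls share the OLE2 header; docx/xlsx/odf are ZIP containers.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "tif": (b"II*\x00", b"MM\x00*"),
    "pdf": (b"%PDF-",),
    "rtf": (b"{\\rtf",),
    "doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    "xls": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    "docx": (b"PK\x03\x04",),
    "xlsx": (b"PK\x03\x04",),
    "odf": (b"PK\x03\x04",),
}


def _extension_segments(filename):
    """Return (basename, [every dotted suffix segment, lowercased])."""
    name = os.path.basename(filename.replace("\\", "/"))
    return name, name.lower().split(".")[1:]


def _content_matches(ext, head):
    """True if the leading bytes are plausible for the claimed extension."""
    if ext == "txt":
        # Plain text: no NUL bytes and valid UTF-8. A multibyte character cut off
        # at the end of the sampled head is tolerated rather than rejected.
        if b"\x00" in head:
            return False
        try:
            head.decode("utf-8")
            return True
        except UnicodeDecodeError as err:
            return err.start >= len(head) - 3
    return any(head.startswith(sig) for sig in MAGIC[ext])


def check_upload(filename, head):
    """Validate a client-supplied filename plus the first bytes of its content.

    Returns (accepted, reason). Every dotted segment must be on the allowlist, so
    names such as "x.php.jpg" are rejected even though they end in an allowed
    extension, and the content must match the final extension's signature.
    """
    name, segments = _extension_segments(filename)
    if not name or "\x00" in name:
        return (False, "bad filename")
    if not segments:
        return (False, "no extension")
    if not all(seg in ALLOWED_EXTENSIONS for seg in segments):
        return (False, "extension not allowed")
    if not _content_matches(segments[-1], head):
        return (False, "content does not match extension")
    return (True, "ok")


def storage_name(filename):
    """Random on-disk name that keeps only the validated extension, so an uploaded
    file cannot be addressed by the name the client chose."""
    _, segments = _extension_segments(filename)
    return f"{secrets.token_hex(16)}.{segments[-1]}"


if __name__ == "__main__":
    # Constructed sample uploads (not real files from any site).
    samples = [
        ("foto.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
        ("relazione.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3"),
        ("nota.txt", b"Segnalazione: buca in via Roma"),
        ("foto.jpg", b"<?php echo 'not an image'; ?>"),
        ("shell.php.jpg", b"\xff\xd8\xff"),
        ("../../.htaccess", b"AddType application/x-httpd-php .jpg"),
    ]
    for fname, head in samples:
        accepted, reason = check_upload(fname, head)
        print(f"{fname!r:32} -> {accepted} ({reason})")
```

The check deliberately pairs the allowlist with a content signature: an extension filter alone only restricts the name, which is exactly the gap the advisory's CWE-284 classification points at. The random storage name addresses the predictable `/files/webform/` path the advisory lists, and adding an authentication requirement on the form itself (CWE-287) is the complementary control outside the scope of this snippet.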


Copyright 2024, cxsecurity.com