#######################################################################
Exploit Title : Justboil.ME Plugins Image Upload Vulnerability New Method
Author : L4663r666h05t
Tested On : Windows 10 x64
Vendor : http://justboil.me/
Dork : inurl:/plugins/justboil.me/ site:
Date : 9 May 2019
#######################################################################
Exploit File: dialog-v4.htm
Dorking in Google or another search engine (Bing, Yahoo, DuckDuckGo)
YOU NEED TO REGISTER FIRST
Demo:
https://jurnal.stmik.banisaleh.ac.id/plugins/generic/tinymce/plugins/justboil.me/dialog-v4.htm
http://journal.gunabangsa.ac.id/plugins/generic/tinymce/plugins/justboil.me/dialog-v4.htm
Path Images/Shell:
http://localhost/public/site/images/[user name]/shell.png (IF YOU NEED TO REGISTER FIRST)
Note:
This proof of concept is the same as the JBImages one; only the plugin name is different, but you need to register first. Sometimes there is no need to register.
Impact:
An attacker is allowed to upload an image.
Thanks To: All Indonesian Hackers
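
Added example (not part of the original advisory): an audit a site owner can run over their own web root to see whether the dialog-v4.htm upload dialog is still deployed and whether files stored under image names, such as in the public/site/images/[user name]/ path above, are really images. The function names and the sample tree are hypothetical and constructed for illustration; the directory layout is taken from the paths on this page.

```python
import os
import tempfile

# Magic-byte prefixes for the image types checked here.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")


def audit_webroot(webroot):
    """Return sorted (relative_path, finding) pairs for one web root."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, webroot).replace(os.sep, "/")
            # Upload dialog named on this page, inside a justboil.me directory.
            if name == "dialog-v4.htm" and "justboil.me" in rel.split("/"):
                findings.append((rel, "upload dialog present"))
                continue
            ext = os.path.splitext(name)[1].lower()
            if ext not in MAGIC:
                continue
            with open(path, "rb") as fh:
                data = fh.read()
            if not data.startswith(MAGIC[ext]):
                findings.append((rel, "content is not an image"))
            elif any(m in data.lower() for m in SCRIPT_MARKERS):
                findings.append((rel, "script marker inside image"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample files (not real site data) for a dry run."""
    files = {
        "plugins/generic/tinymce/plugins/justboil.me/dialog-v4.htm": b"<html></html>",
        "public/site/images/alice/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "public/site/images/bob/shell.png": b"<?php /* constructed */ ?>",
        "public/site/images/bob/avatar.gif": b"GIF89a<?php /* constructed */ ?>",
    }
    for rel, content in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
```

Call audit_webroot() with the path of your own installation. A "script marker inside image" hit on a genuine photo can be a coincidental byte sequence, so review those by hand before deleting anything.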