Humanos - Complete (web+Android app) crowdfunding Solutions v1.0 WebShell Upload

2019.06.18
ru m0ze (RU) ru
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/*! * ::- Title: Humanos - Complete (web+Android app) crowdfunding Solutions v1.0 WebShell Upload * ::- Author: m0ze * ::- Date: 2019/04/13 * ::- Software: Humanos - Complete (web+Android app) crowdfunding Solutions v1.0 */ ::- Details & Description -:: ~ WebShell upload capability was discovered in the «Humanos - Complete (web+Android app) crowdfunding Solutions». Current version of this web-application is 1.0. ::- Demo Website -:: ~ https://codecanyon.net/item/humanos-complete-webandroid-app-crowdfunding-solutions/23760076 ~ Backend: https://humanos.itech-softsolutions.com/signin ~ Login / Password: admin@email.com / 123456 ::- Special Note -:: ~ - ::- Google Dork -:: ~ - ::- PoC Links -:: ~ https://humanos.itech-softsolutions.com/uploaded_file/files/img/5d079ee915b5e1560780521.php ~ https://humanos.itech-softsolutions.com/uploaded_file/files/img/5d07a16d44a7a1560781165.php ~ https://humanos.itech-softsolutions.com/uploaded_file/files/userimg/5d079e4b9708f1560780363.php ::- PoC [WebShell Upload] -:: ~ Go to the demo website https://humanos.itech-softsolutions.com/signin and log in with provided credentials (admin@email.com / 123456). Then go to the «Settings» page https://humanos.itech-softsolutions.com/setting and use fields «Upload Logo», «Upload Login Logo», «Upload Sidebar Logo» or «Upload Fevicon» to upload your .php files, save settings and «inspect» page for direct paths to your .php files (upload directory is https://humanos.itech-softsolutions.com/uploaded_file/files/img/, but dir listing is disabled).

References:

https://codecanyon.net/item/humanos-complete-webandroid-app-crowdfunding-solutions/23760076


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top