/*! * ::- Title: Humanos - Complete (web+Android app) crowdfunding Solutions v1.0 WebShell Upload * ::- Author: m0ze * ::- Date: 2019/04/13 * ::- Software: Humanos - Complete (web+Android app) crowdfunding Solutions v1.0 */ ::- Details & Description -:: ~ WebShell upload capability was discovered in the «Humanos - Complete (web+Android app) crowdfunding Solutions». Current version of this web-application is 1.0. ::- Demo Website -:: ~ https://codecanyon.net/item/humanos-complete-webandroid-app-crowdfunding-solutions/23760076 ~ Backend: https://humanos.itech-softsolutions.com/signin ~ Login / Password: admin@email.com / 123456 ::- Special Note -:: ~ - ::- Google Dork -:: ~ - ::- PoC Links -:: ~ https://humanos.itech-softsolutions.com/uploaded_file/files/img/5d079ee915b5e1560780521.php ~ https://humanos.itech-softsolutions.com/uploaded_file/files/img/5d07a16d44a7a1560781165.php ~ https://humanos.itech-softsolutions.com/uploaded_file/files/userimg/5d079e4b9708f1560780363.php ::- PoC [WebShell Upload] -:: ~ Go to the demo website https://humanos.itech-softsolutions.com/signin and log in with provided credentials (admin@email.com / 123456). Then go to the «Settings» page https://humanos.itech-softsolutions.com/setting and use fields «Upload Logo», «Upload Login Logo», «Upload Sidebar Logo» or «Upload Fevicon» to upload your .php files, save settings and «inspect» page for direct paths to your .php files (upload directory is https://humanos.itech-softsolutions.com/uploaded_file/files/img/, but dir listing is disabled).