PARSTECH - Yazılım & Otomasyon Sistemleri Upload Shell Vuln.

2020.12.10

Nobody (TR)

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#####################################################
# Exploit Title: PARSTECH - Yazılım & Otomasyon Sistemleri Upload Shell Vuln.
# Date: 10.12.2020
# Vender Homepage : https://parstech.com.tr/
# Exploit Author: Nobody 
# Tested on: Windows - Linux / Mozilla Firefox 
#####################################################

# Exploit : 

Step 1 - Bypass Admin Panel - with NoRedirect
Step 2 - Go to the Genel Ayarlar Tab - /panel/genel-ayar.php
Step 3 - Scroll down the page. You will see the image upload area. Upload the .php file here as is.
Step 4 - You can find the .php file in this folder: /img/
You can learn the name of the shell file by examining the area where the picture is located in the admin panel.


# Demo: 
# http://binlercearaba.com/panel/ > http://binlercearaba.com/img/516791129.php


#####################################################

# SpyHackerZ.org

See this note in RAW Version

Vote for this issue:

100%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Nobody

| Date: 2020-12-10 23:38 CET+1

Notified to the open company and necessary measures were taken.

Nano

| Date: 2020-12-11 17:52 CET+1

Looks good man (:

PARSTECH - Yazılım & Otomasyon Sistemleri Upload Shell Vuln.

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

PARSTECH - Yazılım & Otomasyon Sistemleri Upload Shell Vuln.

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.