PARSTECH - Yazılım & Otomasyon Sistemleri Upload Shell Vuln.

2020.12.10

Nobody (TR)

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

#####################################################
# Exploit Title: PARSTECH - Yazılım & Otomasyon Sistemleri Upload Shell Vuln.
# Date: 10.12.2020
# Vender Homepage : https://parstech.com.tr/
# Exploit Author: Nobody 
# Tested on: Windows - Linux / Mozilla Firefox 
#####################################################

# Exploit : 

Step 1 - Bypass Admin Panel - with NoRedirect
Step 2 - Go to the Genel Ayarlar Tab - /panel/genel-ayar.php
Step 3 - Scroll down the page. You will see the image upload area. Upload the .php file here as is.
Step 4 - You can find the .php file in this folder: /img/
You can learn the name of the shell file by examining the area where the picture is located in the admin panel.


# Demo: 
# http://binlercearaba.com/panel/ > http://binlercearaba.com/img/516791129.php


#####################################################

# SpyHackerZ.org

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

PARSTECH - Yazılım & Otomasyon Sistemleri Upload Shell Vuln.

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.