Open Journal Systems Arbitrary File Upload

2021.10.30
tr Emyounoone (TR) tr
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title: Open Journal Systems Arbitrary File Upload # Author: Emyounoone # Google Dork: /index.php/journal # Date: 29/10/2021 # Vendor Homepage (Example): https://nur.hmu.edu.krd/index.php/journal # Tested on: Kali Linux | Cyberfox # Vulnerable Path: index.php/journal/ Exploit: You can upload a webshell onn using this exploit Firstly register as a writer on Open Journal Systems (OJS) and login it. After that you need to be a report a submission. While you are uploading a new submission you can upload a academical file on the web server. You can upload every file type on this part After you upladed a webshell : example: https://nur.hmu.edu.krd/index.php/journal/$$$call$$$/api/file/file-api/download-file?fileId=302&revision=1&submissionId=---114---&stageId=1 The result might be like this. After copy this link and paste anywhere: As we know submissionId=---114 is our file id : 114 (This is variable) You can acces your shell part using this id: https://nur.hmu.edu.krd/index.php/journal/files/journals/dir_number/articles/file_id(114)/submission/shell Result Example: https://nur.hmu.edu.krd/index.php/journal/files/journals/1/articles/114/submission/shell.php If you succeeded you can acces your shell


Vote for this issue:
80%
20%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top