Exploit mktba 4.2 Arbitrary File Upload

2022.07.10
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

### # Title : Exploit mktba 4.2 Arbitrary File Upload # Author : Dz MinD Injector # Home : Algeria 23000 d^_^b # FaCeb0ok : https://www.facebook.com/Dz.MinD.Injector # Type : proof of concept # Tested on : Windows 10 # Date : 09/07/2022 ### I'm Back : ) # Description: An attacker can access the upload function of the application without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions # PoC: Easy linke : http://127.0.0.1/upload.php you can use Burpsuite or tamperdata to bypass jpg to php shell Enjoy : ) # Proof and Exploit: http://islami.eb2a.com/upload/aln3esa-1657397278.jpg http://alajmh.com/mktba/quraan2/mp3/aln3esa-1657397316.jpg http://ashry.freetzi.com/upload/aln3esa-1657397801.jpg [+] FinD More Traget In google = )


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top