MktbaGold 6.4 Arbitrary File Upload

2022.07.13
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

### # Title : Exploit Powered by: MktbaGold 6.4 Arbitrary File Upload # Author : Dz MinD Injector # Home : Algeria 23000 d^_^b # FaCeb0ok : https://www.facebook.com/Dz.MinD.Injector # Type : proof of concept # Tested on : Windows 10 # Date : 09/07/2022 ### I'm Back : ) # Description: In this Case you juste need to singup first and then follow this link An attacker can access the upload function of the application without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions # PoC: Easy linke : In this Case you juste need to singup first and then follow this link : http://127.0.0.1/upload.php you can use Burpsuite or tamperdata to bypass jpg to php shell Enjoy : ) # Proof and Exploit: http://danya.dreamscity.net/upload.php?file=jVSm7DNpagGEu9k [+] FinD More Traget In google = )


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top