Wchat - Fully Responsive PHP AJAX Chat Script 1.5 unrestricted file upload Vulnerability - CXSecurity.com

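Vulnerability ID 1216026 Vulnerability type
Published 2018-07-09 Updated 2018-07-09
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2018070101
|Vulnerability details
Vulnerability details have not yet been disclosed.
|Exploit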
====================================================================================================================================
| # Title     : Wchat - Fully Responsive PHP AJAX Chat Script 1.5 unrestricted file upload Vulnerability                           |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro)                                                                                        |
| # Vendor    : https://codecanyon.net/item/wchat-fully-responsive-phpajax-chat/18047319?s_rank=1327                               |  
| # Dork      : Wchat - Admin Login                                                                                                |
====================================================================================================================================


poc :


[+]  Dorking in Google or other search engine.

[+]  Create your account and go to "Edit profile"

[+]  Change Profile Picture & upload Ev!l php .

[+]  http://wchat.emarketkl.com/storage/user_image/7080487233.php


Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |
                                                                                                                                      |
=======================================================================================================================================
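
The PoC above depends on a profile-picture upload being stored with a `.php` extension in a web-served directory. A server-side check that closes that path, as an added example (not code from the advisory or from Wchat; the function name, form field, size limit and allowlist are assumptions):

```php
<?php
declare(strict_types=1);

// Hypothetical hardened profile-picture handler; names and limits are assumptions.
const ALLOWED_TYPES = [            // detected MIME type => extension the server assigns
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024; // assumed upper bound for an avatar

/**
 * Validates one entry of $_FILES and stores it under $destDir.
 * Returns the stored file name; throws RuntimeException on any rejected upload.
 */
function store_profile_picture(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Decide the type from the bytes on disk, never from the client-supplied
    // file name or Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!is_string($mime) || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('not an allowed image type');
    }
    // The file must also parse as an image, not merely begin with image magic bytes.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a decodable image');
    }

    // Server-chosen random name; the extension comes from the allowlist, so a
    // client name such as "avatar.php" can never reach the file system.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $path = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $path)) {
        throw new RuntimeException('could not store file');
    }
    chmod($path, 0644); // readable by the web server, never executable
    return $name;
}

// Usage (form field name is hypothetical):
// $stored = store_profile_picture($_FILES['avatar'], __DIR__ . '/storage/user_image');
```

Disabling script execution for the upload directory in the web server configuration is a separate control that still holds if a validation step is bypassed.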