Online Lawyer Booking Solutions - GOCOURT v1.0 WebShell Upload - CXSecurity.com

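Vulnerability ID 1639753 Vulnerability type
Published 2019-06-23 Updated 2019-06-23
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2019060145
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit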
/*!
* ::- Title: Online Lawyer Booking Solutions - GOCOURT v1.0 WebShell Upload
* ::- Author: m0ze
* ::- Date: 2019/05/01
* ::- Software: Online Lawyer Booking Solutions - GOCOURT v1.0
*/
  
::- Details & Description -::
~ A WebShell upload capability was discovered in «Online Lawyer Booking Solutions - GOCOURT». The current version of this web application is 1.0.

::- Demo Website -::
~ https://codecanyon.net/item/gocourt-find-a-lawyer/17787763
~ Frontend: http://demo.gocourt.in
~ Backend: http://demo.gocourt.in/admin
~ Login / Password: admin / admin

::- Special Note -::
~ Stored XSS injection is possible too, but it's not really interesting.

::- Google Dork -::
~ -

::- PoC Links -::
~ http://demo.gocourt.in/admin/uploads/
~ http://demo.gocourt.in/admin/uploads/up-up.php
~ http://demo.gocourt.in/admin/uploads/up-dir.php
~ http://demo.gocourt.in/admin/images/user-image.php

::- PoC [WebShell Upload] -::
~ Go to the demo website http://demo.gocourt.in/admin and log in with the provided credentials (admin / admin). Then go to:
1 - «Edit Profile» page http://demo.gocourt.in/admin/welcome/editprofile_view and use the «Display Image» field for .php file upload;
2 - «Webinfo Details» page http://demo.gocourt.in/admin/Settings/index and use the «Logo» field for .php file upload;
3 - «View Customers Details» page http://demo.gocourt.in/admin/Customer_Controller/index and use the «Professional Photograph» field for .php file upload (create a new profile or edit any existing one).