header-logo
Suggest Exploit
vendor:
Clipak
by:
indoushka
7,5
CVSS
HIGH
Upload
Not available
CWE
Product Name: Clipak
Affected Version From: Not available
Affected Version To: Not available
Patch Exists: Not available
Related CWE: Not available
CPE: Not available
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
Not available

clipak Upload Vulnerability

Clipak is vulnerable to an upload vulnerability. An attacker can upload malicious files to the web server, which can be accessed via http://127.0.0.1/clipak/admin/upload.php and http://127.0.0.1/clipak/files.

Mitigation:

Restrict access to the upload.php page and ensure that only authorized users can access it. Also, ensure that the uploaded files are scanned for malicious content.
Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : clipak Upload Vulnerability
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : www.iqs3cur1ty.com/vb                                                                                 
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug      : Upload                                                                      
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1- http://127.0.0.1/clipak/admin/upload.php (2 Upload)
 
 2- http://127.0.0.1/clipak/files (2 find)
 
 
Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com *  www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR