header-logo
Suggest Exploit
vendor:
Read Excel
by:
Yozgat.Us
9,3
CVSS
HIGH
Shell Upload
434
CWE
Product Name: Read Excel
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE: N/A
CPE: a:bts-gi:read_excel
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Read Excel v1.1 Shell Upload Vulnerability

Read Excel v1.1 is vulnerable to a shell upload vulnerability. An attacker can upload a malicious PHP file to the vulnerable server and execute arbitrary code. The vulnerable script is located at http://yozgat.us/[Read_Excel_Path]/index.php. A demo of the exploit can be found at http://server/read_excel/excel/kkk.php.

Mitigation:

The vendor should implement proper input validation and authentication to prevent malicious file uploads.
Source

Exploit-DB raw data:

Read Excel v1.1 Shell Upload Vulnerability

Author   : Yozgat.Us

Website  : WWW.YOZGAT.US

=======================================
Script   : Read Excel v1.1 Shell Upload

Vendor     : http://www.bts-gi.net.tc/home.php

=======================================
Vuln :
http://yozgat.us/ [Read_Excel_Path] /index.php


Demo:
http://server/read_excel/excel/kkk.php

=======================================

WWW.YOZGAT.US

Navigation

Suggest Exploit

Services By CQR