Become a patron and gain access to the dashboard, Schedule scans, API and Search patron
"Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork"
Author
"Shahrukh Iqbal Mirza"
Platform
multiple
Release date
2020-12-02
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | # Exploit Title: Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) # Date: November 17th, 2020 # Exploit Author: Shahrukh Iqbal Mirza (@shahrukhiqbal24) # Vendor Homepage: Source Code & Projects (https://code-projects.org) # Software Link: https://download.code-projects.org/details/9dfede24-03cc-42a8-b319-f666757ac7cf # Version: 1.0 # Tested On: Windows 10 (XAMPP Server) # CVE: CVE-2020-28688 --------------------- Proof of Concept: --------------------- 1. Authenticate as a user (or signup as an artist) 2. Click the drop down for your username and go to My ART+BAY 3. Click on My Artworks > My Available Artworks > Add an Artwork 4. Click on any type of artwork and instead of the picture, upload your php-shell > click on upload 5. Find your shell at 'http://<ip>/<base_url>/pictures/arts/<shell.php>' and get command execution |
| Release Date | Title | Type | Platform | Author |
|---|---|---|---|---|
| 2020-12-02 | "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Add Artwork" | webapps | multiple | "Shahrukh Iqbal Mirza" |
| 2020-12-02 | "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" | webapps | multiple | "Shahrukh Iqbal Mirza" |
| 2020-10-01 | "MonoCMS Blog 1.0 - Arbitrary File Deletion (Authenticated)" | webapps | php | "Shahrukh Iqbal Mirza" |
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/49166/?format=json')
For full documentation follow the link above