[security] CVE-2020-8440, Unrestricted file upload #10
Comments
|
fixed in the last commit d7c1b4b |
|
Perfect :) |
gwen001
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description:
controllers/page_apply.phpin simplejobscript.com SJS <=1.66 is prone to unauthenticated Remote Code Execution by uploading a PHP script as a resume.Environment:
Version: 1.64
OS: Ubuntu 16.10
Web server: Apache 2.4.18
PHP: 5.6.40
Database: MySQL 5.7.28
URL:
/applySteps to Reproduce:
1/ Apply for a job and attach a PHP file as your resume
2/ Browse the upload directory
http://local.simplejobscript.net/uploads/cvs/3/ Run the PHP file
Additional information:
If you can't see the content of the upload directory (directory indexing is off), it can be hard to guess the final filename of your malicious resume because of the
uniqidgenerated.However, you can use one of the multiple SQL injection (CVE-2020-7229) then read the content of the table
applicantor use one of the multiples IDOR available to have access to all applications of all companies.PoC:
The text was updated successfully, but these errors were encountered: