Exploit Title : Contentify Register And Upload Backdoor
Author : ice-cream - khunerable
Vendor Homepage : http://www.contentify.org/
Vendor Github : https://github.com/Contentify
Date : 14 oct 2017
Tested on : Ubuntu 16.04.2 LTS ( BackBox ), Windows 7
dork :
inurl:/registration/create intext:"TEAMS" "LATEST MATCHES"
poc :
[-]register
[-]edit profile
[-]upload my shell jpg ( tamper or burpsuite )
[-]if error.. you back to edit profile and refresh page..
[-]copy image location
example
http://www.crea-esports.at/
thnks for :
All member typical idiot security - Gr4c3 - Konslet - All Indonesian Hacker
Post a Comment