=============================================================================================================================================
| # Title : AccPack Khanepani v1.0 Remote File Upload Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits) |
| # Vendor : http://webpay.com.np/#Product |
=============================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] The following html code uploads a executable malicious file remotely .
[+] use payload :
Add
[+] In the seventh line, we change the link to the target link.
[+] Link to the uploaded files : cms/image/gallery/
[+] The script renames the file to a number, and you always choose numbers starting from the number 9 and above.
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================