
Drupal 7 jQuery ItalianGov Fi.it Scrivi Al Comune Arbitrary File Upload Vulnerability

Author: KingSkrupellos, Published: 09-10-2018

# Exploit Title : Drupal 7 jQuery ItalianGov Fi.it Scrivi Al Comune Arbitrary File Upload Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 22/06/2018
# Vendor Homepage : regione.toscana.it - jquery.com
# Tested On : Windows
# Version : 7
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-287 [ Improper Authentication ] + CWE-284 [ Improper Access Control ]
# CXSecurity : cxsecurity.com/ascii/WLB-2018060240

#################################################################################################

# Google Dorks :

intext:''Scrivi al Comune'' site:fi.it

Il testo del tuo messaggio * site:fi.it

# Exploits :

/scrivi-al-comune
/scrivi-al-comune-0
/segnalazioni-e-reclami-0
/scrivi-al-sindaco-0
/node/19

# Path : /sites/www.comune.DOMAINADDRESS.fi.it/files/webform/.....

# Note => Allowed File Extensions : gif jpg png tif txt rtf odf pdf doc docx xls xlsx.

# Don't forget to put www. before comune. on the URL Address bar.
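
Added example for site administrators (not part of the original advisory, and not code from Drupal or the Webform module): an audit of a site's files/webform upload directory against the extension allowlist in the note above. The function names and the SCRIPT_EXTS list are assumptions made for this illustration.

```python
import os, sys

# Allowlist exactly as given in the advisory's note.
ALLOWED = {"gif", "jpg", "png", "tif", "txt", "rtf", "odf", "pdf",
           "doc", "docx", "xls", "xlsx"}
# Assumption: extensions a web server may be configured to execute.
SCRIPT_EXTS = {"php", "php5", "phtml", "phar", "pl", "py", "cgi", "asp", "aspx", "jsp"}
# Leading bytes expected for each allowed type (txt has no signature).
ZIP, OLE = (b"PK\x03\x04",), (b"\xd0\xcf\x11\xe0",)
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"), "jpg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",), "tif": (b"II*\x00", b"MM\x00*"),
    "pdf": (b"%PDF-",), "rtf": (b"{\\rtf",),
    "doc": OLE, "xls": OLE, "docx": ZIP, "xlsx": ZIP, "odf": ZIP,
}

def audit_file(path):
    """Return a list of reasons the uploaded file at `path` looks suspicious."""
    parts = os.path.basename(path).lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    reasons = []
    if ext not in ALLOWED:
        reasons.append("extension-not-allowed")
    # name.php.jpg: some handler configurations match any dot-separated component.
    if any(p in SCRIPT_EXTS for p in parts[1:-1]):
        reasons.append("script-extension-in-name")
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        reasons.append("content-does-not-match-extension")
    if b"<?php" in head:
        reasons.append("script-marker-in-content")
    return reasons

def audit_webform_dir(root):
    """Walk a files/webform directory; return {relative_path: reasons} for flagged files."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = audit_file(full)
            if reasons:
                flagged[os.path.relpath(full, root)] = reasons
    return flagged

if __name__ == "__main__":
    # Usage: python audit.py /path/to/sites/<site>/files/webform
    for rel, why in sorted(audit_webform_dir(sys.argv[1]).items()):
        print(f"{rel}: {', '.join(why)}")
```

Flagged files should be reviewed and removed, and the web server should be configured so that nothing under files/webform is ever handed to a script interpreter.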

#################################################################################################

# Example Vulnerable Sites and Target IP => 159.213.236.225

[ Proof of Concept for Vulnerability and Exploit ] => archive.is/zUN5z - archive.is/3IMxH


################################################################################################

Reference Topic Link [ It belongs to me ] => cyberizm.org/cyberizm-drupal-7-jquery-italia-fi-it-scrivi-al-comune-exploit.html

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
