Headline
CVE-2023-31576: CVE-nu11secur1ty/vendors/s9y/2023/Serendipity-2.4-beta-1 at main · nu11secur1ty/CVE-nu11secur1ty
An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file.
Description:
An already authenticated attacker can upload HTML and JavaScript files to the server, which is absolutely dangerous and STUPID. In these files, the attacker can code a malicious web socket.
In this scenario, the attacker places his own app directly on this server and then starts this application for his own purposes. Depending on the scenario, the attacker can steal very sensitive information every day, for a very long period of time, until the other users realize that something is not OK with this system and decide to stop using it, but by then it may be too late. Or, even worse, he can seriously harm this server!
STATUS: CRITICAL Vulnerability
[+]Exploit:
<!DOCTYPE html>
<html>
<body>
  <div id="chat"></div>
  <input id="name" type="text" placeholder="name" />
  <input id="message" type="text" placeholder="message" />
  <button id="send">Send</button>
  <script src="PoCl.js"></script>
</body>
</html>
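A server-side upload check that would refuse the files described above, shown as an added example; it is not code from the advisory or from Serendipity. The function name `reject_reason`, the extension list and the sample inputs are assumptions made for illustration, and the check goes beyond `.html` and `.js` to other browser-rendered types and to markup hidden behind an image extension.

```python
import re
from pathlib import PurePosixPath

# Extensions a browser renders or executes in the site's origin (assumed list).
ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".shtml", ".svg", ".js", ".mjs", ".xml"}

# HTML/script markers looked for at the start of the content, case-insensitive.
ACTIVE_MARKERS = re.compile(rb"<\s*(!doctype\s+html|html|script|svg|iframe|body)\b", re.I)

SNIFF_BYTES = 4096  # how much of each upload is inspected

# Constructed sample inputs: the start of the page's PoC markup and a dummy PNG.
POC_PAGE = b'<!DOCTYPE html> <html>\n<body> <div id="chat"></div>'
PNG_IMAGE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32


def reject_reason(filename: str, data: bytes):
    """Return why an upload must be refused, or None if it passes both checks."""
    # Look at every suffix so "page.HTML.png" and "PoCl.JS" are both caught.
    name = PurePosixPath(filename.replace("\\", "/"))
    suffixes = {s.lower() for s in name.suffixes}
    hit = suffixes & ACTIVE_EXTENSIONS
    if hit:
        return f"active-content extension {sorted(hit)[0]}"
    # The extension looked harmless, so inspect the content itself.
    match = ACTIVE_MARKERS.search(data[:SNIFF_BYTES])
    if match:
        marker = match.group(0).decode("ascii", "replace")
        return f"markup found in content: {marker}"
    return None


if __name__ == "__main__":
    uploads = [
        ("PoC.html", POC_PAGE),
        ("PoCl.js", b"// script body omitted"),
        ("avatar.png", POC_PAGE),  # markup behind an image extension
        ("photo.png", PNG_IMAGE),
    ]
    for upload_name, body in uploads:
        print(f"{upload_name}: {reject_reason(upload_name, body) or 'accepted'}")
```

Serving stored uploads with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` keeps a file that slips past such a filter from rendering in the site's origin.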
Time spent:
01:00:00