Advertisement






Acelle Email Marketing 3.0.15 Arbitrary File Upload

CVE Category Price Severity
CVE-2021-26587 CWE-434 $2,500 High
Author Risk Exploitation Type Date
xerosecurity High Remote 2023-06-02
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023060002

Below is a copy:

Acelle Email Marketing 3.0.15 Arbitrary File Upload
====================================================================================================================================
| # Title     : Acelle Email Marketing v3.0.15 unrestricted file uploads Vulnerability                                             |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Franais V.(Pro) / browser : Mozilla firefox 61.0.1 (32-bit)                                            |
| # Vendor    : https://codecanyon.net/item/acelle-email-marketing-web-application/17796082                                        |  
| # Dork      : ". Acelle Email Marketing Application by acellemail.com"                                                           |
====================================================================================================================================


poc :


[+]  Unrestricted file uploads You can upload malicious files in compressed format

[+]  Dorking n Google Or Other Search Enggine .

[+]  chose web site and singup .

[+]  go to templates : https://127.0.0.1/demoacellemailcom/admin/templates or https://127.0.0.1/demoacellemailcom/templates

[+]  Zip your backdoor And upload it.



Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh     |
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.