$15,000 bounty : Remote Code Execution via File Upload Vulnerability | POC | Bug Bounty 2023

Published 2023-07-01
In the theme settings function of a web application, a dangerous flaw exists: any file can be uploaded without any filtering or validation. This allows an attacker to upload an arbitrary PHP file to the server, leading to remote code execution.
CVE-2023-3491
#BugBounty #EthicalHacking #penetrationtesting #RemoteCodeExecution
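A defensive counterpart to the flaw described above, added here as an example that is not part of the video or of any project it covers: the validation an admin-only theme-asset upload handler should perform before writing anything to disk, so that a PHP file (or an image with PHP embedded in it) never reaches a web-served directory under a client-chosen name. Written in Python for illustration; the allowlist, the marker list and the function names are assumptions.

```python
import os
import secrets

# Theme assets an admin may upload: extension -> accepted leading bytes (magic).
# Constructed allowlist for this example; a real handler lists only what it needs.
ALLOWED_TYPES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "css": (),  # text format without magic bytes; the content scan below still applies
}
# Extensions a PHP-aware web server may execute. Refused in any position of the
# name, so "shell.php.png" is rejected along with "shell.php".
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "phps", "inc", "htaccess"}
# Sequences that make a file executable PHP if it is ever served through the PHP
# handler or pulled in via include(); this also catches polyglot images.
PHP_MARKERS = (b"<?php", b"<?=", b'<script language="php"')

class UploadRejected(ValueError):
    """Raised with a reason the admin UI can show; nothing is written to disk."""

def validate_theme_asset(client_name: str, data: bytes, max_bytes: int = 2_000_000) -> str:
    """Check an uploaded theme asset; return a server-chosen filename or raise."""
    if len(data) > max_bytes:
        raise UploadRejected("file too large")
    # Drop any client-supplied directory part; only the final component matters.
    segments = os.path.basename(client_name).lower().split(".")
    if len(segments) < 2 or not all(segments):
        raise UploadRejected("missing or empty extension")
    ext = segments[-1]
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} not allowed")
    if SCRIPT_EXTENSIONS.intersection(segments[1:]):
        raise UploadRejected("script extension embedded in name")
    magics = ALLOWED_TYPES[ext]
    if magics and not data.startswith(magics):
        raise UploadRejected("content does not match declared type")
    if any(marker in data.lower() for marker in PHP_MARKERS):
        raise UploadRejected("PHP code found inside asset")
    # Never reuse the client name: random name, allowlisted extension only.
    return f"{secrets.token_hex(16)}.{ext}"

def rejection_reason(client_name: str, data: bytes):
    """None if the upload passes, otherwise the reason it was refused."""
    try:
        validate_theme_asset(client_name, data)
    except UploadRejected as exc:
        return str(exc)
    return None
```

The returned name should be written with an exclusive-create open into a directory that the web server does not execute scripts from, and the original client filename should never be used on disk.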

All Comments (21)
  • @kottunaana
    That's a great find. Now I will be extra suspicious whenever I see a multipart form.
  • @sebastianm8028
    Awesome! Wouldn't have thought to try that, great find!
  • @yasaya9139
    Where did you learn to add data like this? Is there a video covering this for me to learn from?
  • @fantashio
    Hi, is there a bug bounty program for FOSSBilling, or does the target use it on their domains?
  • @amine988
    Just tell me why you entered /assets.
  • @monKeman495
    How do you know it is stored in the asset directory if it's not available for local environment testing? How do you know that?
  • @user-bx4hx4lr6h
    Where can I contact you to get the payload file, please? Very good job bro!!!!!!
  • @user-nm4og5yi4e
    Brother, can you explain how you know the path of the uploaded file?
  • @adhurealfaz9582
    Bro, how did you find out the path of the file that you created yourself and uploaded?
  • @brahmareddy5763
    Why did you add that line ------------------------------------611111191919101010 again in the request before the PHP code? Explain it to me bro, and how did you get the exact path themes/huraga/assets?