Home[1] Files[2] News[3] Contact[4] Add New[5]
- Laravel Media Library Pro 2.1.6 Shell Upload[6]
- Authored by Kelvin Yip[7] | Site cybersecthreat.com[8]
-
Laravel Media Library Pro versions 2.1.6 and below as well as 1.17.10 and below suffer from a remote shell upload vulnerability.
- advisories | CVE-2021-45040[9]
- MD5 |
1228b251a7f271fd7da635499b0bd342 - Download[10] | Favorite[11] | View[12]
Change Mirror[13] Download[14]
# Exploit Title: Laravel Media Library Pro <=2.1.6 - Arbitrary File Upload (Unauthenticated)
# Google Dork: -
# Date: Mar 13, 2022
# Exploit Author: Kelvin Yip <Cette adresse e-mail est protégée contre les robots spammeurs. Vous devez activer le JavaScript pour la visualiser. >
# Vendor Homepage: https://spatie.be/
# Software Link: https://spatie.be/products/media-library-pro
# Version: <=1.17.10 & <=2.1.6
# Tested on: Laradock (PHP 8.0) inside Ubuntu 20.04
# CVE : CVE-2021-45040
#######################################################################################################
Description:
The Spatie media-library-pro library through 1.17.10 & 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.
#######################################################################################################
Xploit : Arbitrary File Upload (Unauthenticated)
Default URL: http://server/api/media-library-pro/uploads OR http://server/media-library-pro/uploads
Note: The URL can be changed by developer.
Upload a PHP webshell or shell file with 3 parameters: (uuid, name and file), the JSON response will contain “original_url”, access the URL in the browser to get the shell access.
#######################################################################################################
Additional Information for setup, test and solutions: https://cybersecthreat.com/2022/03/14/cve-2021-45040/
#######################################################################################################
Follow us on
Facebook
Subscribe to an RSS
FeedFile Tags
- ActiveX[20] (932)
- Advisory[21] (76,941)
- Arbitrary[22] (15,000)
- BBS[23] (2,859)
- Bypass[24] (1,534)
- CGI[25] (1,010)
- Code Execution[26] (6,573)
- Conference[27] (668)
- Cracker[28] (797)
- CSRF[29] (3,259)
- DoS[30] (21,638)
- Encryption[31] (2,323)
- Exploit[32] (49,384)
- File Inclusion[33] (4,128)
- File Upload[34] (934)
- Firewall[35] (821)
- Info Disclosure[36] (2,538)
- Intrusion Detection[37] (847)
- Java[38] (2,759)
- JavaScript[39] (791)
- Kernel[40] (5,953)
- Local[41] (13,936)
- Magazine[42] (586)
- Overflow[43] (12,081)
- Perl[44] (1,410)
- PHP[45] (5,032)
- Proof of Concept[46] (2,275)
- Protocol[47] (3,261)
- Python[48] (1,374)
- Remote[49] (29,466)
- Root[50] (3,438)
- Ruby[51] (574)
- Scanner[52] (1,629)
- Security Tool[53] (7,652)
- Shell[54] (3,026)
- Shellcode[55] (1,200)
- Sniffer[56] (878)
- Spoof[57] (2,072)
- SQL Injection[58] (15,929)
- TCP[59] (2,347)
- Trojan[60] (668)
- UDP[61] (866)
- Virus[62] (657)
- Vulnerability[63] (30,273)
- Web[64] (8,919)
- Whitepaper[65] (3,704)
- x86[66] (942)
- XSS[67] (17,247)
- Other[68]
File Archives
- March 2022[69]
- February 2022[70]
- January 2022[71]
- December 2021[72]
- November 2021[73]
- October 2021[74]
- September 2021[75]
- August 2021[76]
- July 2021[77]
- June 2021[78]
- May 2021[79]
- April 2021[80]
- Older[81]
Systems
- AIX[82] (424)
- Apple[83] (1,873)
- BSD[84] (368)
- CentOS[85] (55)
- Cisco[86] (1,911)
- Debian[87] (5,947)
- Fedora[88] (1,690)
- FreeBSD[89] (1,241)
- Gentoo[90] (4,152)
- HPUX[91] (876)
- iOS[92] (313)
- iPhone[93] (108)
- IRIX[94] (220)
- Juniper[95] (67)
- Linux[96] (41,641)
- Mac OS X[97] (682)
- Mandriva[98] (3,105)
- NetBSD[99] (255)
- OpenBSD[100] (477)
- RedHat[101] (11,173)
- Slackware[102] (941)
- Solaris[103] (1,605)
- SUSE[104] (1,444)
- Ubuntu[105] (7,660)
- UNIX[106] (9,033)
- UnixWare[107] (183)
- Windows[108] (6,307)
- Other[109]
© 2020 Packet Storm. All rights reserved.
- Services
- Security Services[120]
- Hosting By
- Rokasec[121]
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
