## https://sploitus.com/exploit?id=PACKETSTORM:173582
====================================================================================================================================
| # Title : Chevereto CMS V3.7.0 HPP Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 66.0.2(64-bit) |
| # Vendor : https://chevereto.com/ |
| # Dork : |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine .
[+] Vulnerability description:
This script is possibly vulnerable to HTTP Parameter Pollution attacks.
HPP attacks consist of injecting encoded query string delimiters into other existing parameters.
If the web application does not properly sanitize the user input, a malicious user can compromise
the logic of the application to perform either clientside or server-side attacks.
[+] This vulnerability affects : /chevereto/search/images.
[+] Attack details:
URL encoded GET input q was set to H!%26im%3dindoushka
Parameter precedence: last occurrence Affected link: http://127.0.0.1/democheveretocom/search/images/?q=H!%26im%3dindoushka
[+] Affected parameter: q=1 http://127.0.0.1/democheveretocom/search/images/?q=H!%26im%3dindoushka
Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr |
=======================================================================================================================================