💣Exploit Online Matrimonial Website System v3.3 - Code Execution via malicious SVG file upload

Bad

An arbitrary file upload vulnerability in Campcodes Online Matrimonial
Website System Script v3.3 allows attackers to execute arbitrary code via
uploading a crafted SVG file.



SVG Payload:




Steps to reproduce


- Log in with your creds
- Navigate to this directory - /profile-settings
- Click on Gallery -> Add New Image -> Browser -> Add Files
- Choose the SVG file and upload done
- Click the image!! Payload Triggered



Burp Request

 