Bug: Max's File Uploader File Upload Vulnerability ( Ascii Version )


Max's File Uploader File Upload Vulnerability

Published: 2008.01.25
Credit: xcross87
Risk: High
CWE: CWE-20
CVE: CVE-2008-0373
Local: No
Remote: Yes

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial


# Max's File Uploader File Upload Vulnerability

# Homepage: http://www.phpf1.com/

# Download: http://www.phpf1.com/download.html?item=9

# Dork: intitle:"Max's File Uploader" (maybe ^^)

# Found by : Xcross87 | xcross87.info | hcegroup.net

Simply upload a shell (*.php); it will be stored at the same level as the upload page.

# Example:

http://[site]/[path]/index.php

Upload a shell: xshell.php

-> http://[site]/[path]/xshell.php

[^$^] Enjoy !

# - by Xcross87 - #
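
# Mitigation sketch (added example, not part of the original advisory and not Max's File Uploader code): an upload handler that closes the two gaps described above by allowlisting file types and storing files under a server-chosen name outside the web root. The form field name "file", the path /var/lib/uploads and the allowed types are assumptions.

```php
<?php
// Added example, not Max's File Uploader code. Assumed: form field "file",
// a storage directory outside the web root, and the fileinfo extension.
const UPLOAD_DIR = '/var/lib/uploads';   // assumed path, not web-accessible
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = [                     // extension => expected MIME type
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'gif' => 'image/gif',
    'pdf' => 'application/pdf',
];

/** Validate one $_FILES entry and store it; returns the stored name. */
function store_upload(array $f): string
{
    if (($f['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($f['tmp_name']) || $f['size'] > MAX_BYTES) {
        throw new RuntimeException('invalid or oversized upload');
    }
    // Allowlist on the lower-cased final extension: anything not listed
    // (php, phtml, phar, ...) is rejected instead of being blocklisted.
    $ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('file type not allowed');
    }
    // The content must match the claimed type, not just the name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-chosen random name: the client-supplied name (including any
    // "x.php.jpg" style double extension) never reaches the filesystem.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($f['tmp_name'], UPLOAD_DIR . '/' . $stored)) {
        throw new RuntimeException('could not store file');
    }
    return $stored;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['file'])) {
    try {
        echo 'stored as ', htmlspecialchars(store_upload($_FILES['file']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected: ', htmlspecialchars($e->getMessage());
    }
}
```

# Because the files live outside the document root, they can only be served back through a download script, so the web server never interprets an uploaded file as code.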

Copyright 2014, cxsecurity.com