Best Top List Remote File Upload Vulnerability

2007.08.17
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Best Top List Remote File Upload Vulnerability
----------------------------------------------
Script  : Best Top List
Version : All Versions
Site    : http://besttoplist.sourceforge.net (Closed)
Founder : Rizgar
Contact : rizgar (at) linuxmail (dot) org and irc.gigachat.net #kurdhack
Thanks  : KHC, PH , ColdHackers
d0rk    : "Powered by Best Top List by Szymon Kosok v. 2.11" inurl:"banner-upload.php" "Copyright (c) 2002 - Best-Scripts.TK"
----------------------------------------------
Vulnerability details ;

Best Top List contains a vulnerability that allows remote attackers to upload arbitrary files to any directory in the system. The bug is in "banner-upload.php". A PHP shell script is needed to upload to the server. Uploaded files can generally be seen at:

www.site.com/banners/shell.php

POC : http://www.site.com/path/banner-upload.php
-----------------------------------------------------------
The code, in one simple form:

> cat banner-upload.php

echo "<br><br><center>" . $lang['uploadtxt'] . "<br><br>          >>>>>> see :]
<form enctype='multipart/form-data' method='post' action='upload.php'>
<input type='hidden' name='action' value='upload'>
<table frame=box rules=none border=0 cellpadding=2 cellspacing=0 align='center'>
<tr>
<td>Banner:</td>
<td><input type='file' name='userfile'></td>
</tr>
<tr>
<td>" . $lang['siteurlwohttp'] . ":</td>
<td><input type='input' name='sitename'></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name ='upload' value='Upload'></td>
<tr>
</table>
</form>";
include "footer.php";
?>
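
Added example (not part of the original advisory or of Best Top List): a Python check over web-server access logs for the pattern described above, a POST to upload.php followed by requests for non-image files under banners/. The combined log format, the image-extension allowlist, the function name and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
UPLOAD_ENDPOINT = "upload.php"   # form action shown in the advisory
BANNER_DIR = "/banners/"         # upload location named in the advisory
IMAGE_EXT = {"gif", "jpg", "jpeg", "png"}  # assumed legitimate banner types

def find_suspicious(lines):
    """Return (ip, path, reason) for requests to non-image files under banners/."""
    uploaders, findings = set(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = unquote(urlsplit(m["target"]).path)
        name = path.rsplit("/", 1)[-1].lower()
        if m["method"] == "POST" and name == UPLOAD_ENDPOINT:
            if m["status"].startswith("2"):
                uploaders.add(m["ip"])  # this client submitted the upload form
        elif BANNER_DIR in path and name:
            # Check every dot-separated suffix so "x.php.gif" is caught too
            # (a name like "logo.v2.png" is also flagged; review by hand).
            exts = name.split(".")[1:]
            if not exts or any(e not in IMAGE_EXT for e in exts):
                reason = "non-image file in banners/"
                if m["ip"] in uploaders:
                    reason += ", requested by uploader"
                findings.append((m["ip"], path, reason))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [17/Aug/2007:10:00:01 +0000] "GET /path/banner-upload.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [17/Aug/2007:10:00:09 +0000] "POST /path/upload.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [17/Aug/2007:10:00:15 +0000] "GET /path/banners/shell.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [17/Aug/2007:10:02:00 +0000] "GET /path/banners/site1.gif HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

Any hit on a file under banners/ that is not a plain image deserves a look at the file itself, whether or not the requesting client also posted to upload.php.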



Copyright 2018, cxsecurity.com