Social Groupie (create_album.php) Remote File Upload Vulnerability

2009.03.04
Credit: Cyb3r-1sT
Risk: High
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 8.5/10
Impact Subscore: 10/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

|| || | || o_,_7 _|| . _o_7 _|| 4_|_|| o_w_, ( : / (_) / ( . |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | _ __ __ __ ______ | | /' \ __ /'__`\ /\ \__ /'__`\ /\ ___\ | | /\_, \ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __\ \ \__/ | | \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ \___``\ | | \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ | | \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ \ \____/ | | \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/___/ | | \ \____/ >> Kings of injection | | \/___/ | | | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| <<!>> Found by : Cyb3r-1sT <<!>> C0ntact : cyb3r-1st [at] hotmail.com <<!>> Groups : InjEctOr5 T3am ======================================================= +++++++++++++++++++ Script information+++++++++++++++++ ======================================================= <<->> script : Social Groupie <<->> download : www.socialgroupie.com ======================================================= +++++++++++++++++++++++ Exploit +++++++++++++++++++++++ ======================================================= <<->> D0rk : find it <<->> Exploit :>>> After u Register in site flow this steps Step 1 :> Goto photos section : http://www.site.me/Photos/photos.php Step 2 :> Create new album : http://www.site.me/Photos/create_album.php Step 3 :> Upload ur shell as ( shell.jpg.php Or shell.php ) .. Ur shell will be here http://www.site.me/Member_images/ ======================================================= ++++++++++++++++++++++ Greetz +++++++++++++++++++++++++ ======================================================= <<->> All freinds , all muslims , str0ke


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top