fluidgalleries Photo Upload Remote Shell Upload Vulnerability

2013.08.02
Credit: Iranian_Dark_Coders_Team
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264
Dork: inurl:\"fluidgalleries/dat/info.dat\" OR inurl:\"/fluidgalleries/php/\"

?################# In The Name Of Allah ################ # ####################################################### # # [+] Exploit Title : fluidgalleries Photo Upload Remote Shell Upload Vulnerability # [+] Google Dork 1 : inurl:"fluidgalleries/dat/info.dat" # [+] Google Dork 2 : inurl:"/fluidgalleries/php/" # [+] Date : 01/08/2013 # [+] Exploit Author : Iranian_Dark_Coders_Team # [+] Home : www.idc-team.net # [+] Discovered By : Black.Hack3r # [+] Vendor Homepage : http://www.fluidgalleries.co # [+] Version : All Version # [+] Tested on : Windows 7 # ####################################################### # # [+] Exploit: # # [+] http://localhost/[path]/fluidgalleries/php/photo-upload.php # ####################################################### # # [+] Proof: # # [+] Please run the Firefox browser # [+] Then Add-ons Live HTTP headers in Firefox Install >> https://addons.mozilla.org/en-us/firefox/addon/live-http-headers/ # [+] Now the run Add-ons Live HTTP headers # [+] Then go to this page http://localhost/[path]/fluidgalleries/php/photo-upload.php # [+] Click the Choose File button Then select a file [shell.php.jpg] # [+] Then click on the upload button # [+] Now using Live HTTP headers uploaded files to PHP change [shell.php] # [+] Then go to this page http://localhost/[path]/fluidgalleries/photos/ [Random number+shell.php] # [+] A Sample Shell :: http://pitlakarts.com/fluidgalleries/photos/1black.php # # [+] Video proof exploits :: http://m-h-a-c-k-e-r.persiangig.com/fluidgalleriesExploit.html # [+] Video proof exploits :: http://m-h-a-c-k-e-r.persiangig.com/Black.Idc-Team/fluidgalleriesExploit/fluidgalleriesExploit.swf # ####################################################### # # [+] Demo site: # # [+] http://pitlakarts.com/fluidgalleries/php/photo-upload.php # [+] http://www.scottmartinezphotography.com/fluidgalleries/php/photo-upload.php # [+] http://www.patrickwking.com/fluidgalleries/php/photo-upload.php # [+] http://www.danbatchelor.com/photo/fluidgalleries/php/photo-upload.php # [+] http://ritacoury.com/fluidgalleries/php/photo-upload.php # ####################################################### # # [+] Discovered By : Black.Hack3r # [+] We Are : M.R.S.CO,Black.Hack3r,N3O,UB313 # [+] SpTnx : Mr.Cicili,Sec4ever,shahram black hat,C@M!S3?_H3X,3is@,HOt0N,All Members In www.idc-team.net/cc # [+] Home : http://www.idc-team.net # #######################################################

References:

http://www.fluidgalleries.co
http://m-h-a-c-k-e-r.persiangig.com/Black.Idc-Team/fluidgalleriesExploit/fluidgalleriesExploit.swf
http://m-h-a-c-k-e-r.persiangig.com/fluidgalleriesExploit.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top