Advanced Guestbook 2.4.3 Shell Upload

2013.08.08
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------------------------------------------------------------| | [+] Exploit Title:Guestbook Remote Shell Upload Vulnerability | [+] Google Dork:site:.com.tw inurl:"addentry.php" | [+] Google Dork2:"Advanced Guestbook 2.4.3" | [+] Exploit Author: Ashiyane Digital Security Team | [+] Tested on: Windows,Linux | [+] AVN : ASH-2013-140 |-------------------------------------------------------------------------| |-------------------------------------------------------------------------| | [+]Vendor Home :http://www.proxy2.de/ |-------------------------------------------------------------------------| | [+] Exploit: | [+] http://localhost/[path]/gbaddentry.php |-------------------------------------------------------------------------| | [+] Demo site: | [+] http://www.ladorishti.com/guestbook/addentry.php |-------------------------------------------------------------------------| | [+] Proof: | [+] 1-Go to http://localhost.com.tw/guestbook/addentry.php | [+]2-Fill in the blanks | [+]3-Click To Browse And Select File(.jpg) | [+]4-Clict to ok for upload | [+]5-Go to http://local.com/guestbook/index.php | [+]6-Click on The picture and right click for read image ingo and copy | [+]7-uploaded files url:http://www.localhost.com.tw/guestbook/public/name |-------------------------------------------------------------------------| | [+] Discovered By :hossein19123 & Ba3bak | | [+]Greetz to: My Lord Allah | [+]Sp Tnx To:PrinceofHacking , C4T , V1R4N64R , MR.SAMAN, Tr0janman | [+]Ashiyane Security [ Researcher Team AND Deface Team ] |-------------------------------------------------------------------------| | [+]Home:Ashiyane.Org | |-------------------------------------------------------------------------| |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top