Unified-Layer Unrestricted File Upload Exploit

2015.09.22
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/------ Unified-Layer Unrestricted File Upload Exploit /------ Author: UmPire / ranrep0ker@yahoo.com /------ Iran Security Group / iransec.net Hi guys, With this exploit, You can upload files with any extensions you want in sites that are hosted on unified layer and its children like bluehost, hostmonster, justhost, ... and also these sites themselves You know that there are many many sites out there on unified-layer and there are a huge amount of choice for you to hack by this. It's not important how you find target. It can be a plugin, finding by dorks and etc. Let's visit a site and look how we do it... Remember that it relates mostly on its existence on unified-layer, not the uploader script. Demo Video: http://www.youtube.com/watch?v=tY4vJtTuQbQ ---=== POC ===--- In any site from unified layer First, you should find an uploader It usually exists in contact forms or galleries. You can find more uploaders by searching an specific wordpress, joomla,... plugins. The amazing part is that it works also on WHMCS. But it's your duty to find the renamed file. Second, rename the file and add dots at the end before extension: example.php......jpg simple but nice Third, it will be uploaded with ease. ---=== Notes ===--- As you perhaps know, it was a paid exploit at first. I decided to publish it for free because of anniversary of the "Sacred Defense Week" of Iran. https://en.wikipedia.org/wiki/Sacred_Defence_Week It's better for bad guys not killing ppl in Gaza. The land will remain Palestine forever. At last, It's really good to be good. (g2g) Bye.

References:

http://www.youtube.com/watch?v=tY4vJtTuQbQ


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top