fast-signup shell uploading

2017.09.26

Guardiran Security Team (DE)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:fast-signup.php

##############################################################################
# Title:fast-signup shell uploading
# vendor: n/a
# Exploit Author : Guardiran Security Team
# Tested On : ubuntu / Windows 8.1
#
# Dork: inurl:fast-signup.php
#
# -----------------------------------------------
#
#
# Description :
# an uncontrolled profile image uploader enables attacker to upload shell remotely
#
#
#
#
#
# POC:
# first find targets with the dork above and signup by uploading a normal photo in this step. then
# login(sometime it will login automatically) after that go to "My Photo" click on "Manage My photo"
# "Modify Photo 1" now upload your shell.php here :) open your profile photo(the shell you uploaded)
# url will be like this:
# http://sitedomain.com/photoprocess.php?image=memphoto1/209975shell.php&amp;square=100
#
# change it to this order:
# http://sitedomain.com/memphoto1/123456shell.php
# Now you are done :)
# 123456 is a random number that the website will add to your file name so it can be any thing else
#
# Bypass:
# in some of targets i saw that they have denied .php file so upload your shell as .PHP :)
#
#
#
#
##############################################################################

See this note in RAW Version

Vote for this issue:

46%

54%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

fast-signup shell uploading

Dork: inurl:fast-signup.php

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.