fast-signup shell uploading

2017.09.26
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

##############################################################################
# Title: fast-signup shell uploading
# Vendor: n/a
# Exploit Author: Guardiran Security Team
# Tested On: Ubuntu / Windows 8.1
#
# Dork: inurl:fast-signup.php
#
# -----------------------------------------------
#
# Description:
# An uncontrolled profile image uploader lets a remote attacker upload a shell.
#
# POC:
# First find targets with the dork above and sign up, uploading a normal photo in this step. Then
# log in (sometimes it logs in automatically). After that go to "My Photo", click "Manage My Photo",
# then "Modify Photo 1", and upload your shell.php here :) Open your profile photo (the shell you uploaded);
# the URL will look like this:
# http://sitedomain.com/photoprocess.php?image=memphoto1/209975shell.php&square=100
#
# Change it to this form:
# http://sitedomain.com/memphoto1/123456shell.php
# Now you are done :)
# 123456 is a random number that the website adds to your file name, so it can be anything else.
#
# Bypass:
# On some targets I saw that they deny .php files, so upload your shell as .PHP :)
#
##############################################################################
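The two defects the advisory relies on are a deny-list that is matched case-sensitively (so `.PHP` slips through) and a stored name that keeps the client-supplied extension, so the random prefix does nothing. The following handler is an added hardening example written for this page, not the fast-signup project's code; the form field name `photo`, the storage directory and the function name are assumptions.

```php
<?php
// Added example (not the vendor's code): accept only real images and never
// let the client choose the stored extension. Assumes the upload field is
// "photo" and that $storeDir is a directory the web server does not execute
// PHP from (e.g. outside the document root or with php_engine turned off).

function store_profile_photo(array $file, string $storeDir): string
{
    if (!isset($file['tmp_name'], $file['error'], $file['name'])
        || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed or not an uploaded file');
    }

    // Allow-list, compared case-insensitively. A deny-list on ".php" alone is
    // exactly what the ".PHP" bypass in the advisory defeats.
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                'png' => 'image/png', 'gif' => 'image/gif'];
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        throw new RuntimeException('extension not allowed');
    }

    // Validate the content, not the client-supplied name or Content-Type:
    // the detected MIME type must match the extension and the file must
    // parse as an image.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if ($mime !== $allowed[$ext] || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('file is not a valid image of the declared type');
    }

    // Server-generated name with the validated extension. Unlike a random
    // prefix glued onto "shell.php", the original name is never reused, so a
    // guessable URL such as memphoto1/123456shell.php cannot exist.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storeDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Usage from the profile form handler (assumed field name):
// $stored = store_profile_photo($_FILES['photo'], '/var/app/uploads');
```

Even with these checks, a polyglot file that is both a valid image and PHP source would pass the content test, which is why the storage directory must not be served as executable; re-encoding the image with GD before storing it removes that residual risk.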



Copyright 2017, cxsecurity.com
