phpstore real_estate 任意文件上传漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116707 漏洞类型 权限许可和访问控制
发布时间 2008-11-10 更新时间 2009-08-12
CVE编号 CVE-2008-6930 CNNVD-ID CNNVD-200908-085
漏洞平台 PHP CVSS评分 6.5
|漏洞来源
https://www.exploit-db.com/exploits/7085
https://cxsecurity.com/issue/WLB-2009080024
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200908-085
|漏洞详情
PHPStoreRealEstate的任意文件上传漏洞。远程认证用户通过上传一个具有例如logo那样的可执行扩展名的一个文件并向realty/re_images/的文件提交一个直接请求来访问该文件,以执行任意代码。
|漏洞EXP
PHP Store Real Estate Remote File Upload

Author: ZoRLu  msn: trt-turk@hotmail.com

home: www.z0rlu.blogspot.com

N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (

-----------------------------------------


exploit:


first register to site 

you add this code your shell to head 

GIF89a; 

example your_shell.php:

GIF89a;
<?

...

...

...

?>

and save your_sheell.php

login to site and edit your profile

upload your_shell.php 

your_shell.php path:

localhost/script/re_images/[ID]_logo_your_shell.php

---------------------------------------------

user: zorlu

passwd: zorlu1

shell: ( not permission for demo server )

http://www.phpstore.info/demos/realty/re_images/1226243945_logo_c.php


http://www.phpstore.info/demos/realty/re_images/ ( you look here and see shell 1226243945_logo_c.php )

------------------------------------------------

thanks: str0ke & yildirimordulari.org  &  darkc0de.com

# milw0rm.com [2008-11-10]
|参考资料

来源:XF
名称:realestate-reimages-file-upload(52446)
链接:http://xforce.iss.net/xforce/xfdb/52446
来源:VUPEN
名称:ADV-2008-3101
链接:http://www.vupen.com/english/advisories/2008/3101
来源:MILW0RM
名称:7085
链接:http://www.milw0rm.com/exploits/7085
来源:SECUNIA
名称:32626
链接:http://secunia.com/advisories/32626
来源:OSVDB
名称:50293
链接:http://osvdb.org/50293