phpstore real_estate 任意文件上传漏洞

漏洞ID	1116707	漏洞类型	权限许可和访问控制
发布时间	2008-11-10	更新时间	2009-08-12
CVE编号	CVE-2008-6930	CNNVD-ID	CNNVD-200908-085
漏洞平台	PHP	CVSS评分	6.5

|漏洞来源

https://www.exploit-db.com/exploits/7085
https://cxsecurity.com/issue/WLB-2009080024
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200908-085

|漏洞详情

PHPStoreRealEstate的任意文件上传漏洞。远程认证用户通过上传一个具有例如logo那样的可执行扩展名的一个文件并向realty/re_images/的文件提交一个直接请求来访问该文件，以执行任意代码。

|漏洞EXP

PHP Store Real Estate Remote File Upload

Author: ZoRLu  msn: trt-turk@hotmail.com

home: www.z0rlu.blogspot.com

N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (

-----------------------------------------


exploit:


first register to site 

you add this code your shell to head 

GIF89a; 

example your_shell.php:

GIF89a;
<?

...

...

...

?>

and save your_sheell.php

login to site and edit your profile

upload your_shell.php 

your_shell.php path:

localhost/script/re_images/[ID]_logo_your_shell.php

---------------------------------------------

user: zorlu

passwd: zorlu1

shell: ( not permission for demo server )

http://www.phpstore.info/demos/realty/re_images/1226243945_logo_c.php


http://www.phpstore.info/demos/realty/re_images/ ( you look here and see shell 1226243945_logo_c.php )

------------------------------------------------

thanks: str0ke & yildirimordulari.org  &  darkc0de.com

# milw0rm.com [2008-11-10]

|参考资料

来源:XF
名称:realestate-reimages-file-upload(52446)
链接:http://xforce.iss.net/xforce/xfdb/52446
来源:VUPEN
名称:ADV-2008-3101
链接:http://www.vupen.com/english/advisories/2008/3101
来源:MILW0RM
名称:7085
链接:http://www.milw0rm.com/exploits/7085
来源:SECUNIA
名称:32626
链接:http://secunia.com/advisories/32626
来源:OSVDB
名称:50293
链接:http://osvdb.org/50293

phpstore real_estate 任意文件上传漏洞

|漏洞来源

|漏洞详情

|漏洞EXP

|参考资料

检索漏洞

相关漏洞