phpstore complete_classifieds 任意文件上传漏洞

漏洞ID	1116708	漏洞类型	权限许可和访问控制
发布时间	2008-11-10	更新时间	2009-08-12
CVE编号	CVE-2008-6928	CNNVD-ID	CNNVD-200908-083
漏洞平台	PHP	CVSS评分	6.5

|漏洞来源

https://www.exploit-db.com/exploits/7084
https://cxsecurity.com/issue/WLB-2009080022
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200908-083

|漏洞详情

PHPStoreCompleteClassifieds中的任意文件上传漏洞。远程认证用户通过上传一个具有例如logo那样的可执行扩展名的一个文件并向classifieds1/yellow_images/的文件提交一个直接请求来访问该文件，以执行任意代码。

|漏洞EXP

PHPStore Complete Customizable Classifieds Remote File Upload

Author: ZoRLu  msn: trt-turk@hotmail.com

home: www.z0rlu.blogspot.com

N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (

-----------------------------------------


exploit:


first register to site 

you add this code your shell to head 

GIF89a; 

example your_shell.php:

GIF89a;
<?

...

...

...

?>

and save your_sheell.php

login to site and Add Listing click open the new page upload logo (upload your_shell.php)

your_shell.php path:

localhost/script/yellow_images/[ID]_logo_your_shell.php

---------------------------------------------

example for demo:

login: http://www.phpstore.info/demos/cars/login.php

user: zorlu

passwd: zorlu1

shell: ( not permission for demo server )

http://www.phpstore.info/demos/classifieds1/yellow_images/1226242317_logo_c.php 


http://www.phpstore.info/demos/classifieds1/yellow_images/ ( you look here and see shell 1226242317_logo_c.php )

------------------------------------------------

thanks: str0ke & yildirimordulari.org  &  darkc0de.com

# milw0rm.com [2008-11-10]

|参考资料

来源:VUPEN
名称:ADV-2008-3100
链接:http://www.vupen.com/english/advisories/2008/3100
来源:MILW0RM
名称:7084
链接:http://www.milw0rm.com/exploits/7084
来源:SECUNIA
名称:32626
链接:http://secunia.com/advisories/32626
来源:OSVDB
名称:50294
链接:http://osvdb.org/50294

phpstore complete_classifieds 任意文件上传漏洞

|漏洞来源

|漏洞详情

|漏洞EXP

|参考资料

检索漏洞

相关漏洞