Social Groupie 'create_album.php' 任意文件上传漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117018 漏洞类型 输入验证
发布时间 2008-12-12 更新时间 2009-03-10
CVE编号 CVE-2008-6367 CNNVD-ID CNNVD-200903-021
漏洞平台 PHP CVSS评分 8.5
|漏洞来源
https://www.exploit-db.com/exploits/7435
https://www.securityfocus.com/bid/32795
https://cxsecurity.com/issue/WLB-2009030113
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-021
|漏洞详情
SocialGroupie是一个社交网络脚本,如同Facebook。Ajax的脚本及应用。SocialGroupie的Photos/create_album.php中存在无限制文件上传漏洞。远程验证用户通过上传一个具有可执行扩展名的文件,并通过对Member_images/的文件提交一个直接请求来访问该文件,执行任意代码。
|漏洞EXP
||          ||   | ||         
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_,  
                  ( :   /    (_)    /           (   .   
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
|     _                   __           __       __          ______     |
|   /' \            __  /'__`\        /\ \__  /'__`\       /\  ___\    |
|  /\_, \    ___   /\_\/\_\L\ \    ___\ \ ,_\/\ \/\ \  _ __\ \ \__/    |
|  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\ \___``\  |
|     \ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ \/\ \L\ \ |
|      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\  \ \____/ |
|       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/   \/___/  |
|                  \ \____/ >> Kings of injection                      |
|                   \/___/                                             |
|                                                                      |
|-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=|
 
 
<<!>> Found by  :  Cyb3r-1sT
 
<<!>> C0ntact : cyb3r-1st [at] hotmail.com  
                    
<<!>> Groups : InjEctOr5 T3am  
 
=======================================================
+++++++++++++++++++ Script information+++++++++++++++++
=======================================================
 
 
<<->> script   : Social Groupie
 
<<->> download : www.socialgroupie.com   
 
 
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
 
 
<<->> D0rk    : find it
 
<<->> Exploit :>>>  After u Register in site flow this steps  
 
                         Step 1 :>  Goto photos section : http://www.site.me/Photos/photos.php
 
                         Step 2 :> Create new album :  http://www.site.me/Photos/create_album.php
 
                         Step 3 :> Upload ur shell as ( shell.jpg.php Or shell.php ) .. Ur shell will be here http://www.site.me/Member_images/
 
=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
 
<<->> All freinds , all muslims , str0ke 

# milw0rm.com [2008-12-12]
|受影响的产品
Social Groupie Social Groupie 0
|参考资料

来源:MILW0RM
名称:7435
链接:http://www.milw0rm.com/exploits/7435
来源:SECUNIA
名称:33125
链接:http://secunia.com/advisories/33125