Uber Uploader '.php' Unrestricted File Upload Vulnerability

Vulnerability ID: 1192221
Vulnerability type: Unknown
Published: 2007-01-08
Updated: 2007-01-08
CVE: CVE-2007-0123
CNNVD ID: CNNVD-200701-057
Platform: N/A
CVSS score: 6.8
|Vulnerability sources
https://www.securityfocus.com/bid/86774
https://cxsecurity.com/issue/WLB-2007010032
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-057
|Vulnerability details
Uber Uploader 4.2 contains an unrestricted file upload vulnerability. A remote attacker can upload and run arbitrary PHP scripts by giving the files a .phtml extension. That naming bypasses the .php extension check, yet the uploaded file is still executable under some server configurations.
|Vulnerability EXP
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|Uber Uploader 4.2 Arbitrary File Upload Vulnerability
|Gamma Security Team
|www.nullak.com
|www.gammahack.com
|Discovered: Null
|Official Site: http://sourceforge.net/projects/uber-uploader
|Download Link: http://belnet.dl.sourceforge.net/sourceforge/uber-uploader/Uber-Uploader_4.2.zip
|Risk: High
|Type: Arbitrary File Upload Vulnerability
|Vuln:
|1. First rename your shell.php to shell.phtml, then upload it and use it
|(This script does not allow uploading php, but you can upload a phtml file)
|
|
|Contact: null_hack (at) yahoo (dot) com [email concealed]
|
|Gr33tz to: All Iranian Hackerz
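As an added example (not code from Uber Uploader or from the advisory), the hypothetical `denylist_check` below mirrors the single-extension check that the details and the advisory's step 1 describe, which accepts shell.phtml; `allowlist_check` and `safe_stored_name` show the allowlist-based validation that rejects it, run over constructed filenames.

```python
import os
import secrets

# Constructed sample upload names, modelled on the .phtml rename in the advisory.
SAMPLE_NAMES = ["photo.jpg", "shell.php", "shell.phtml", "shell.PHP",
                "shell.jpg.php", "notes.txt", ".htaccess"]

def denylist_check(filename: str) -> bool:
    """Weak check: reject only names ending in ".php" (hypothetical stand-in for
    the extension check the advisory describes). Anything else is accepted,
    including shell.phtml, shell.PHP and shell.jpg.php."""
    return not filename.endswith(".php")

# Extensions this hypothetical upload form actually needs to accept.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "txt"}

def allowlist_check(filename: str) -> bool:
    """Hardened check: exactly one extension, compared case-insensitively against
    an allowlist; dotfiles, multi-extension names and empty stems are rejected."""
    base = os.path.basename(filename)
    if base.startswith(".") or base.count(".") != 1:
        return False
    stem, ext = base.rsplit(".", 1)
    return bool(stem) and ext.lower() in ALLOWED_EXTENSIONS

def safe_stored_name(filename: str) -> str:
    """Discard the client-supplied name entirely; store under a random name that
    carries only the validated, lower-cased extension."""
    if not allowlist_check(filename):
        raise ValueError(f"rejected upload name: {filename!r}")
    ext = os.path.basename(filename).rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"

def compare(names=SAMPLE_NAMES) -> dict:
    """Map each sample name to (accepted by denylist, accepted by allowlist)."""
    return {n: (denylist_check(n), allowlist_check(n)) for n in names}

if __name__ == "__main__":
    for name, (weak, strict) in compare().items():
        print(f"{name:15} denylist={weak!s:5} allowlist={strict!s:5}")
```

Which extensions a server hands to the PHP interpreter is configuration-dependent, as the details note, so the upload directory should also be served without script execution regardless of how names are validated.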
|Affected products
Uber Uploader: Uber Uploader 4.2
|References

Source: BUGTRAQ
Name: 20070105 Uber Uploader 4.2 Arbitrary File Upload Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/456045/100/0/threaded
Source: XF
Name: uber-uploader-phtml-file-upload(31303)
Link: http://xforce.iss.net/xforce/xfdb/31303
Source: SREASON
Name: 2116
Link: http://securityreason.com/securityalert/2116