Phpbuddies arbitrary file upload vulnerability - vulnerability warning - the black bar safety net

2011-03-20T00:00:00
ID MYHACK58:62201129793
Type myhack58
Reporter Anonymous (佚名)
Modified 2011-03-20T00:00:00

Description

Phpbuddies is an open-source article directory system. Phpbuddies contains an arbitrary file upload vulnerability that allows an attacker to obtain a web shell on the server.

[+] Info: ~~~~~~~~~

[~] Phpbuddies 0day Arbitrary Upload File Vulnerability
[~] Author : Xr0b0t (xrt.interpol@gmx.us)
[~] Homepage : www.indonesiancoder.com | xrobot.mobi | mc-crew.net | exploit-id.com
[~] Date : 18 March, 2010
[~] Tested on : BlackBuntu RC2
[~] Vendor : http://phpbuddies.com
[~] Download : http://phpbuddies.com/index.php?module=downloadcenter&action=download_home
[~] Price : license request
[~] Vulnerability : Upload File
[~] Dork : "Nothing Preson Laa!!" ;)
[~] Version : not determined

[+] PoC: ~~~~~~~~~

[ Default Site ] http://127.0.0.1/phpbuddies/

[ XpL ]
[~] Step 1 : Find a target running the CMS with a Google dork
[~] Step 2 : Register an account on the site
[~] Step 3 : Click on Account Settings
[~] Step 4 : Click on Upload Images
[~] Step 5 : Click on "File Will Be Uploaded" and upload the file (.php or .jpg)
[~] Step 6 : Click on Manage Photo
[~] Step 7 : You will see the file under systemupload/profile/

[ Demo ]
Site : http://127.0.0.1/phpbuddies/
Trojan : http://127.0.0.1/phpbuddies/index.php?module=profile&action=myaccount (upload shell.php, then open Manage Photo)
Result : http://127.0.0.1/phpbuddies/systemupload/profile/foot.phpshell.php

With the default configuration of this script, an attacker can upload arbitrary files containing malicious PHP code because filenames with multiple extensions are not properly checked. The uploaded file is written to the web-accessible directory systemupload/profile/ with its .php extension intact, so requesting it by URL executes the attacker's code on the server.
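The following is an added example and is not code from the advisory or from Phpbuddies itself. It models the class of check the PoC defeats (a hypothetical reconstruction: trusting the client-supplied Content-Type, or accepting a name because an allowed image extension appears somewhere in it) next to a hardened acceptor that keys on the last extension only, verifies the image magic bytes and stores the file under a random name. It also scans constructed web-server log lines for requests that execute a script under systemupload/profile/, which is where a responder would look for a dropped shell. All sample inputs, log lines and function names are constructed for the example.

```python
"""Added example: weak vs. hardened upload filename checks, plus a log scan
for executed uploads. Not Phpbuddies' own code; the weak check is a
hypothetical reconstruction of logic that produces the reported behaviour."""
import re
import secrets

ALLOWED_IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}

# Leading bytes of each allowed image format (from the format specifications).
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}


def weak_accepts(filename: str, client_mime: str) -> bool:
    """Hypothetical weak check: trusts the browser-supplied MIME type and
    passes any name in which *some* dotted segment is an allowed extension.
    'shell.php' with Content-Type image/jpeg and 'shell.jpg.php' both pass."""
    if client_mime.lower().startswith("image/"):
        return True
    segments = filename.lower().split(".")[1:]
    return any(seg in ALLOWED_IMAGE_EXTS for seg in segments)


def strict_accept(filename: str, content: bytes):
    """Hardened check. Returns the randomised name to store under, or None.
    Only the final extension counts, the bytes must match that format's
    magic, and a cheap PHP-tag heuristic rejects obvious image/PHP polyglots.
    The client's filename never reaches the filesystem."""
    base = filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]  # drop any client path
    if "." not in base:
        return None
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_IMAGE_EXTS:
        return None
    if not content.startswith(MAGIC[ext]):
        return None
    if b"<?php" in content or b"<?=" in content:  # heuristic only
        return None
    return f"{secrets.token_hex(16)}.{ext}"


# Apache/nginx combined-log request field: method, path, protocol, status.
LOG_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
UPLOAD_DIR = "/systemupload/profile/"
SCRIPT_EXTS = (".php", ".phtml")


def find_executed_uploads(log_lines):
    """Return (path, status) for every request to a script inside the
    profile upload directory; a 200 here means the server ran the file."""
    hits = []
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if UPLOAD_DIR in path and path.lower().endswith(SCRIPT_EXTS):
            hits.append((path, int(m.group("status"))))
    return hits


# Constructed sample log lines mirroring the PoC's request flow.
SAMPLE_LOG = [
    '10.0.0.5 - - [20/Mar/2011:10:01:02 +0000] "POST /phpbuddies/index.php?module=profile&action=myaccount HTTP/1.1" 200 512',
    '10.0.0.5 - - [20/Mar/2011:10:01:09 +0000] "GET /phpbuddies/systemupload/profile/foot.phpshell.php?cmd=id HTTP/1.1" 200 87',
    '10.0.0.7 - - [20/Mar/2011:10:02:00 +0000] "GET /phpbuddies/systemupload/profile/avatar.jpg HTTP/1.1" 200 4311',
]

if __name__ == "__main__":
    print("weak accepts shell.php as image/jpeg:", weak_accepts("shell.php", "image/jpeg"))
    print("strict stores shell.php:", strict_accept("shell.php", b"<?php system($_GET['c']); ?>"))
    print("strict stores avatar.png:", strict_accept("avatar.png", MAGIC["png"] + b"\x00" * 16))
    for path, status in find_executed_uploads(SAMPLE_LOG):
        print("executed upload:", path, status)
```

The magic-byte and tag checks raise the bar but do not close it on their own: a GIF with PHP appended still starts with GIF8 and a tag can be obfuscated. The durable fix is to keep uploads outside the web root or, if they must be served, to disable script execution for systemupload/profile/ at the web server.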

Goo The IndonesianCoder!!!

[+] Reference: ~~~~~~~~~

http://www.exploit-db.com/exploits/17007