Computer Security

Security Advisory: Best Top List Remote File Upload Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  mcNews (skinfile) Remote File Include Vulnerability

  Beautifier Version 0.1 Remote File Include Vulnerability // MefistoLabs.Com

  Lib2 PHP v0.2 (DOCUMENT_ROOT)
Remote File Inclusion Vulnerability

  SOTEeSKLEP Remote File Disclosure Vulnerability

From:rizgar_(at)_linuxmail.org <rizgar_(at)_linuxmail.org>
Date:13.08.2007
Subject:Best Top List Remote File Upload Vulnerability

Best Top List Remote File Upload Vulnerability
----------------------------------------------

Script : Best Top List

Version : All Version

Site : http://besttoplist.sourceforge.net (Closed)

Founder : Rizgar

Contact : rizgar@linuxmail.org and irc.gigachat.net #kurdhack

Thanks : KHC, PH , ColdHackers

d0rk : "Powered by Best Top List by Szymon Kosok v. 2.11" inurl:"banner-upload.php" "Copyright (c) 2002 - Best-Scripts.TK"



----------------------------------------------

Vulnerability details ;

Best Top List contains a vulnerability that allows remote attackers to upload arbitrary files to any directory in the system. This bug is effective in the link "banner-upload.php." Do you neccessary a phpshell script in the upload server. Your files you loaded the genarally ; www.site.com/banners/shell.php in see


POC :



http://www.site.com/path/banner-upload.php




-----------------------------------------------------------


Code god ready in one simple shape.;


> cat banner-upload.php

echo "<br><br><center>" . $lang['uploadtxt'] . "<br><br>      >>>>>> see :]

<form enctype='multipart/form-data' method='post' action='upload.php'>

<input type='hidden' name='action' value='upload'>

<table frame=box rules=none border=0 cellpadding=2

      cellspacing=0 align='center'>

  <tr>

     <td>Banner:</td>

     <td><input type='file' name='userfile'></td>

  </tr>

     <tr>

     <td>" . $lang['siteurlwohttp'] . ":</td>

     <td><input type='input' name='sitename'></td>

  </tr>

  <tr>

     <td></td>

     <td><input type='submit' name ='upload'

                value='Upload'></td>

  <tr>

</table>

</form>";
include "footer.php";

?>


About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server