SECURITYVULNS:DOC:17753
Aug 13, 2007 - 12:00 a.m.

Best Top List Remote File Upload Vulnerability

Source : vulners.com


Script : Best Top List

Version : All versions

Site : http://besttoplist.sourceforge.net (Closed)

Found by : Rizgar

Contact : [email protected] and irc.gigachat.net #kurdhack

Thanks : KHC, PH , ColdHackers

d0rk : "Powered by Best Top List by Szymon Kosok v. 2.11" inurl:"banner-upload.php" "Copyright (c) 2002 - Best-Scripts.TK"


Vulnerability details :

Best Top List contains a vulnerability that allows remote attackers to upload arbitrary files to the server. The bug is in banner-upload.php: the banner upload form is shown to any visitor without authentication, and the submitted file is not checked, so a PHP shell can be uploaded through it. Uploaded files are generally written to the banners directory, so a file uploaded as shell.php is afterwards reachable at www.site.com/banners/shell.php.

POC :

http://www.site.com/path/banner-upload.php


The code makes this plain to see:

> cat banner-upload.php

<?php
// Excerpt from banner-upload.php. $lang is the script's language array,
// loaded earlier in the file (not reproduced here). The upload form below
// is emitted for every visitor: no login check precedes it, and upload.php
// (the form target) is what writes the submitted file to the banners
// directory. The stray <tr> before </table> in the original listing is
// corrected to </tr>; nothing else is changed.
echo "<br><br><center>" . $lang['uploadtxt'] . "<br><br>
<form enctype='multipart/form-data' method='post' action='upload.php'>
<input type='hidden' name='action' value='upload'>
<table frame=box rules=none border=0 cellpadding=2
   cellspacing=0 align='center'>
<tr>
  <td>Banner:</td>
  <td><input type='file' name='userfile'></td>
</tr>
<tr>
  <td>" . $lang['siteurlwohttp'] . ":</td>
  <td><input type='input' name='sitename'></td>
</tr>
<tr>
  <td></td>
  <td><input type='submit' name='upload'
             value='Upload'></td>
</tr>
</table>
</form>";
include "footer.php";
?>
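The advisory reproduces only the form; upload.php, the script that actually receives the file, is not shown. The following is an added example written for this page, not Best Top List's own code, of what a handler for that same form (fields action=upload, userfile, sitename) has to do to close the hole described above: refuse anonymous callers, validate the file by content rather than by name, and store it under a server-chosen name and extension. The banners path, the session flag used for the login check, the size cap and the accepted image types are assumptions.

```php
<?php
// Added example for this advisory, not code from Best Top List.
// Hardened replacement for the upload.php that banner-upload.php posts to.
// BANNER_DIR, the is_admin session flag, MAX_BANNER_BYTES and ALLOWED_TYPES
// are assumptions made for the example.

declare(strict_types=1);

const BANNER_DIR       = __DIR__ . '/banners';   // assumed upload directory
const MAX_BANNER_BYTES = 100 * 1024;             // assumed size cap
const ALLOWED_TYPES    = [                       // detected MIME => extension we assign
    'image/gif'  => 'gif',
    'image/png'  => 'png',
    'image/jpeg' => 'jpg',
];

// 1. The original form is reachable by anyone, which is the root of the bug.
//    Require an authenticated admin before touching the upload at all.
function require_admin(): void
{
    session_start();
    if (empty($_SESSION['is_admin'])) {          // assumed session flag
        http_response_code(403);
        exit('Forbidden');
    }
}

// 2. Validate by content. The client-supplied filename and Content-Type are
//    attacker-controlled and are never consulted. Returns the extension to
//    store under, or null when the upload is rejected.
function validate_banner(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    if ($file['size'] > MAX_BANNER_BYTES || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    // getimagesize() parses the image header; a bare PHP file renamed to
    // .gif fails here because it has no image header at all.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset(ALLOWED_TYPES[$info['mime']])) {
        return null;
    }
    return ALLOWED_TYPES[$info['mime']];
}

// 3. Store under a random server-chosen name with the extension we derived,
//    so the uploader controls neither the path ("../") nor the extension
//    ("shell.php"), and mark the file non-executable.
function store_banner(array $file, string $ext): string
{
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = BANNER_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store banner');
    }
    chmod($dest, 0644);
    return $name;
}

require_admin();
if (($_POST['action'] ?? '') !== 'upload' || !isset($_FILES['userfile'])) {
    http_response_code(400);
    exit('Bad request');
}
$ext = validate_banner($_FILES['userfile']);
if ($ext === null) {
    http_response_code(415);
    exit('Only GIF, PNG or JPEG banners are accepted');
}
$sitename = trim((string) ($_POST['sitename'] ?? ''));
$stored   = store_banner($_FILES['userfile'], $ext);
echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8')
   . ' for ' . htmlspecialchars($sitename, ENT_QUOTES, 'UTF-8');
```

The content check alone is not sufficient: a file that begins with a valid GIF header and carries PHP code after it passes getimagesize(). The property that actually prevents www.site.com/banners/shell.php from running is that the stored extension is chosen by the server from the detected type, never from the request. As a backstop, the web server should also refuse to execute scripts under the banners directory (with mod_php, for example, an .htaccess there containing `php_flag engine off`), so that even a polyglot that slips through is served as an image rather than run.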