lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 11 Aug 2007 16:51:00 -0000
From: rizgar@...uxmail.org
To: bugtraq@...urityfocus.com
Subject: Best Top List Remote File Upload Vulnerability

Best Top List Remote File Upload Vulnerability
----------------------------------------------

Script : Best Top List 

Version : All Version 

Site : http://besttoplist.sourceforge.net (Closed)

Founder : Rizgar

Contact : rizgar@...uxmail.org and irc.gigachat.net #kurdhack

Thanks : KHC, PH , ColdHackers

d0rk : "Powered by Best Top List by Szymon Kosok v. 2.11" inurl:"banner-upload.php" "Copyright (c) 2002 - Best-Scripts.TK"



----------------------------------------------

Vulnerability details ;

Best Top List contains a vulnerability that allows remote attackers to upload arbitrary files to any directory in the system. This bug is effective in the link "banner-upload.php." Do you neccessary a phpshell script in the upload server. Your files you loaded the genarally ; www.site.com/banners/shell.php in see


POC :



http://www.site.com/path/banner-upload.php




-----------------------------------------------------------


Code god ready in one simple shape.;


> cat banner-upload.php 

echo "<br><br><center>" . $lang['uploadtxt'] . "<br><br>      >>>>>> see :]

<form enctype='multipart/form-data' method='post' action='upload.php'>

<input type='hidden' name='action' value='upload'>

<table frame=box rules=none border=0 cellpadding=2

       cellspacing=0 align='center'>

   <tr>

      <td>Banner:</td>

      <td><input type='file' name='userfile'></td> 

   </tr>

      <tr>

      <td>" . $lang['siteurlwohttp'] . ":</td> 

      <td><input type='input' name='sitename'></td>

   </tr>

   <tr>

      <td></td>

      <td><input type='submit' name ='upload'

                 value='Upload'></td>

   <tr>

</table>

</form>";
include "footer.php";

?>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ