[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070811165100.25412.qmail@securityfocus.com>
Date: 11 Aug 2007 16:51:00 -0000
From: rizgar@...uxmail.org
To: bugtraq@...urityfocus.com
Subject: Best Top List Remote File Upload Vulnerability
Best Top List Remote File Upload Vulnerability
----------------------------------------------
Script : Best Top List
Version : All Version
Site : http://besttoplist.sourceforge.net (Closed)
Founder : Rizgar
Contact : rizgar@...uxmail.org and irc.gigachat.net #kurdhack
Thanks : KHC, PH , ColdHackers
d0rk : "Powered by Best Top List by Szymon Kosok v. 2.11" inurl:"banner-upload.php" "Copyright (c) 2002 - Best-Scripts.TK"
----------------------------------------------
Vulnerability details ;
Best Top List contains a vulnerability that allows remote attackers to upload arbitrary files to any directory in the system. This bug is effective in the link "banner-upload.php." Do you neccessary a phpshell script in the upload server. Your files you loaded the genarally ; www.site.com/banners/shell.php in see
POC :
http://www.site.com/path/banner-upload.php
-----------------------------------------------------------
Code god ready in one simple shape.;
> cat banner-upload.php
echo "<br><br><center>" . $lang['uploadtxt'] . "<br><br> >>>>>> see :]
<form enctype='multipart/form-data' method='post' action='upload.php'>
<input type='hidden' name='action' value='upload'>
<table frame=box rules=none border=0 cellpadding=2
cellspacing=0 align='center'>
<tr>
<td>Banner:</td>
<td><input type='file' name='userfile'></td>
</tr>
<tr>
<td>" . $lang['siteurlwohttp'] . ":</td>
<td><input type='input' name='sitename'></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name ='upload'
value='Upload'></td>
<tr>
</table>
</form>";
include "footer.php";
?>
Powered by blists - more mailing lists