Vendor: LILDBI-Web
By: EraGoN
CVSS: 7.5 (HIGH)
Type: Shell Upload
CWE: 434
Product Name: LILDBI-Web
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE: N/A
CPE: a:bvsalud:lildbi-web
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Ubuntu (Linux), WinXP SP2/SP3
2010
LILDBI Shell Upload Vulnerability
The vulnerability exists in LILDBI-Web version 1.2. An attacker can upload a malicious shell to the vulnerable server by accessing the uploader.php page. The uploaded shell is stored in the files directory of the vulnerable server.
Mitigation:
Ensure that the uploader.php page is not accessible to unauthorized users, and that uploaded files are scanned for malicious content.
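To check whether the upload path has already been abused, web server access logs can be searched for the pattern described above. The following is an added example, not part of the original advisory or of LILDBI-Web: it assumes combined-format access logs, a hypothetical /lildbi/ install prefix, and an assumed list of server-executable extensions.

```python
import re

# Apache/nginx "combined" log format (assumed); only the fields used are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Extensions a PHP-enabled server may execute (assumed list; match your handler
# config). The trailing (\.|$) also catches double extensions such as x.php.jpg.
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)(\.|$)', re.I)

def find_upload_abuse(lines):
    """Flag accepted POSTs to uploader.php and script requests under files/."""
    findings = []
    uploaders = set()  # client IPs that posted to uploader.php
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected log format
        ip, method, status = m["ip"], m["method"], int(m["status"])
        path = m["path"].split("?", 1)[0]      # drop the query string
        name = path.rsplit("/", 1)[-1]
        if method == "POST" and name.lower() == "uploader.php" and status < 400:
            uploaders.add(ip)
            findings.append(("upload", ip, path))
        elif "/files/" in path and SCRIPT_EXT.search(name):
            # Scripts should never be served from the upload directory.
            kind = "script-after-upload" if ip in uploaders else "script-in-files"
            findings.append((kind, ip, path))
    return findings

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '198.51.100.7 - - [12/Mar/2010:10:01:02 +0000] "GET /lildbi/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2010:10:04:11 +0000] "POST /lildbi/uploader.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2010:10:04:30 +0000] "GET /lildbi/files/x.php?a=1 HTTP/1.1" 200 48 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2010:10:05:00 +0000] "GET /lildbi/files/report.pdf HTTP/1.1" 200 90211 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Mar/2010:10:09:00 +0000] "GET /lildbi/files/img.php.jpg HTTP/1.1" 200 48 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE):
        print(*finding)
```

Any finding of kind script-after-upload or script-in-files means the files directory should be inspected and script execution disabled for it in the web server configuration.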