Vendor: Mini File Host
By: Mr.Z
CVSS: 7.5 (HIGH)
Remote File Upload Vulnerability
CWE: 264
Product Name: Mini File Host
Affected Version From: Mini File Host v1.5
Affected Version To: Mini File Host v1.5
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Mini File Host v1.5 Remote File Upload Vulnerability

This vulnerability allows an attacker to upload a malicious file to the server and run it if the 'storage' directory is not protected with an htaccess file or any other security measure. The attacker clicks 'Browse', selects a malicious file, and clicks 'Upload'. After the upload completes, the attacker copies the new name of the shell and accesses it via the URL http://server/script/storage/<shell_name>.php

Mitigation:

Protect the 'storage' directory with an htaccess file or any other security measure.
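
Added example, not part of the original advisory or of Mini File Host's code: a Python check over web-server access logs for the two request patterns described above, a download.php link that names a PHP file and a direct request for a script under storage/. The Apache common/combined log format, the /script/ base path (taken from the advisory's placeholder URL), the extension list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Extensions commonly mapped to the PHP interpreter (assumed list; adjust to
# the server's handler configuration). Also catches names like "x.php.jpg".
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)
# Client, request target and status of an Apache common/combined log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2009:10:01:09 +0000] "GET /script/download.php?file=328shell.php HTTP/1.1" 200 1024
203.0.113.7 - - [12/Mar/2009:10:01:15 +0000] "GET /script/storage/328shell.php HTTP/1.1" 200 2048
198.51.100.4 - - [12/Mar/2009:10:05:00 +0000] "GET /script/storage/771notes.php HTTP/1.1" 403 199
198.51.100.9 - - [12/Mar/2009:10:06:00 +0000] "GET /script/download.php?file=112photo.jpg HTTP/1.1" 200 90210
"""


def classify(line, base="/script/"):
    """Return (finding, client_ip, file_name) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    path = unquote(parts.path)  # decode %2E etc. before matching
    storage = base + "storage/"
    if path.startswith(storage):
        name = path[len(storage):]
        if SCRIPT_EXT.search(name):
            # A 2xx status means the server answered for the script itself,
            # i.e. storage/ is reachable; 403/404 means it was not served.
            served = m["status"].startswith("2")
            finding = "storage-script-served" if served else "storage-script-not-served"
            return (finding, m["ip"], name)
    elif path == base + "download.php":
        for name in parse_qs(parts.query).get("file", []):
            if SCRIPT_EXT.search(name):
                return ("script-name-in-download-link", m["ip"], name)
    return None


def scan(log_text):
    """Classify every line of a log and keep only the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A "storage-script-served" finding means the storage directory is reachable and unprotected; "storage-script-not-served" shows a request that the protection (or a missing file) stopped.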

Exploit-DB raw data:

==============================================================================
                      _      _       _          _      _   _
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|


==============================================================================
        [»] ~ Note : This vulnerability allows you to upload if the "storage" file isn't protected with a htaccess file or anything else
==============================================================================
        [»] Mini File Host v1.5 Remote File Upload Vulnerability
==============================================================================

    [»] Script:             [ Mini File Host ]
    [»] Language:           [ PHP ]
    [»] Site page:          [ Mini File Host v1.5 ]
    [»] Download:           [ http://www.hotscripts.com/listing/mini-file-host/ ]
    [»] Founder:            [ Mr.Z <tzar.evil@yahoo.com> ]
    [»] Greetz to:          [ all muslims , ViRuSMaN  ]

###########################################################################

===[ Exploit ]===

  Click on "Browse" and select your php shell
  Click Upload
  After it finishes, you will see this message (

  Your file was uploaded!

  Your download link

  http://server/script/download.php?file=328shell.php

  )

  Copy the new Name of the shell "328shell.php"

  Now Go to this Url

  http://server/script/storage/328shell.php

  if "Storage" wasn't protected your shell will open


Author: Mr.Z <-

###########################################################################