MySpace Content Zone RFi

vendor:

MySpace Content Zone

by:

Don & breaker_unit

5.5

CVSS

MEDIUM

Remote File Inclusion

CWE

Product Name: MySpace Content Zone

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

The vulnerability allows an attacker to include a remote file on the vulnerable server by exploiting the 'uploadgames.php' script in the MySpace Content Zone. By uploading a malicious shell and accessing it through the 'thumb' directory, an attacker can gain unauthorized access to the server.

Mitigation:

To mitigate this vulnerability, the admin area should be secured and input validation should be implemented to prevent remote file inclusion.

Source

Exploit-DB raw data:

----------------------------------------------------
[+-MySpace Content Zone RFi-+]
----------------------------------------------------
Found By Don & breaker_unit
----------------------------------------------------


Vuln file: /admin/uploadgames.php
Fix: secure admin area

Dork: "Powered by MySpace Content Zone"


go to /admin/uploadgames.php
example:
http://www.virtualdynamite.com/admin/uploadgames.php
and upload your shell - lets say it is named as c99.php

ok, now go to /uploads/thumb/c99.php
like: http://www.virtualdynamite.com/uploads/flash/c99.php

and - what you see ?? :xD
your shell!

Note1: you can add .php%00.jpeg cause %00 = null
Note2: it takes awhile to upload a shell sometimes!


Creditz to breaker_unit, h4cky0u.org and str0ke!
Don is wishing Happy Holidays to all of you reading this!
Cheers!

# milw0rm.com [2007-12-18]