Vendor: Battle Scrypt
By: DigitALL
CVSS: 8.8 (HIGH)
Type: Remote File Upload
CWE: 434
Product Name: Battle Scrypt
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:scrypted:battlescrypt
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010
Battle Scrypt Shell Upload Vulnerability
A remote file upload vulnerability exists in Battle Scrypt that allows an attacker to upload a malicious file to the server. The attacker can then reach the uploaded file at the URL /images/uploads/[id].php. Exposed installations can be found with the search dorks 'Powered by Battle Scrypt' or inurl:upload.php.
Mitigation:
The application should validate the file type before allowing it to be uploaded. The application should also restrict the file types that can be uploaded.
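
One way to implement the validation described above, as an added example (not Battle Scrypt's code or the advisory author's). The function name, size limit and allowlist are assumptions, and the content check requires PHP's fileinfo extension.

```php
<?php
// Added example, not Battle Scrypt code; names and limits are assumptions.
declare(strict_types=1);
// Allowlist: MIME type detected from content => extension the server assigns.
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
const ALLOWED_EXTS  = ['png', 'jpg', 'jpeg', 'gif'];
const MAX_BYTES     = 2 * 1024 * 1024;

// Returns the server-chosen file name, or throws if the upload is rejected.
function safe_upload_name(string $tmpPath, string $clientName): string
{
    $size = filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('rejected: size');
    }
    // 1. The client-supplied extension must be allowlisted (stops shell.php).
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTS, true)) {
        throw new RuntimeException('rejected: extension');
    }
    // 2. The content itself must be an allowlisted type (stops a script renamed .png).
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($mime === false || !array_key_exists($mime, ALLOWED_TYPES)) {
        throw new RuntimeException('rejected: content type');
    }
    // 3. Never reuse the client name: random base name, extension from the allowlist.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
}

// In an upload handler: pass $_FILES[...]['tmp_name'] and ['name'], then
// move_uploaded_file() to the returned name in a directory with script execution off.
// Constructed samples: a PNG header, a PHP script, and the same script named .png.
$script  = "<?php echo 'constructed sample'; ?>";
$samples = [
    'avatar.png' => "\x89PNG\r\n\x1a\n\0\0\0\rIHDR" . str_repeat("\0", 17),
    'shell.php'  => $script,
    'shell.png'  => $script,
];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    try {
        $result = safe_upload_name($tmp, $name);
    } catch (RuntimeException $e) {
        $result = $e->getMessage();
    }
    unlink($tmp);
    echo $name, ' -> ', $result, PHP_EOL;
}
```

Because the stored extension always comes from the allowlist, a file that passes the content check can never land in the upload directory with a .php name.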