Vendor: Flax Article Manager
By: S.W.A.T.
CVSS: 7.5 (HIGH)
Title: Remote File Upload Vulnerability
CWE: 434
Product Name: Flax Article Manager
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Flax Article Manager 1.1 Remote File Upload Vulnerability

Flax Article Manager 1.1 does not validate the type of the file a user uploads as their avatar, so an attacker can register an account on the site, submit a malicious file as the avatar, and have it stored on the server. The URL of the stored file can be found on the attacker's own profile page by right-clicking the avatar image and viewing its properties; requesting that URL then accesses the uploaded file directly.

Mitigation:

To mitigate this vulnerability, the application should validate the type of each uploaded file on the server side and accept only an allowlist of expected image types, rejecting everything else.
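As an added example (not Flax Article Manager's own code, which is a PHP application), the Python below shows the validation the mitigation calls for: `vulnerable_store_name` mirrors the flaw the advisory describes, keeping whatever extension the user uploaded, while `validate_avatar` accepts only allowlisted image types, verifies the file's leading bytes against the claimed type and stores it under a random name with the content-verified extension. The signature table, size limit and function names are assumptions of this example.

```python
import os
import secrets

# Leading bytes of the image formats an avatar may use (assumed allowlist);
# anything else, including PHP source, is refused.
IMAGE_SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "gif": b"GIF8",  # covers GIF87a and GIF89a
}
MAX_AVATAR_BYTES = 512 * 1024  # assumed limit


def detect_image_type(data: bytes):
    """Return the allowlisted format whose signature starts the data, else None."""
    for ext, sig in IMAGE_SIGNATURES.items():
        if data.startswith(sig):
            return ext
    return None


def vulnerable_store_name(upload_name: str, author_id: int) -> str:
    """Mirror of the flaw the advisory describes: the user-supplied extension
    is kept, so an upload named c99.php is stored as <id>_avatar.php."""
    ext = os.path.splitext(upload_name)[1]
    return f"{author_id}_avatar{ext}"


def validate_avatar(upload_name: str, data: bytes) -> str:
    """Validate an uploaded avatar and return a safe file name to store it under.

    Raises ValueError when the upload must be refused. The name returned contains
    nothing user-controlled: a random token plus the content-verified extension.
    """
    if len(data) > MAX_AVATAR_BYTES:
        raise ValueError("avatar too large")
    claimed = os.path.splitext(upload_name)[1].lower().lstrip(".")
    if claimed == "jpeg":
        claimed = "jpg"
    if claimed not in IMAGE_SIGNATURES:
        raise ValueError(f"extension not allowed: {claimed!r}")
    actual = detect_image_type(data)
    # The claimed extension must be backed by matching content; a file named
    # shell.png whose bytes start with "<?php" fails here.
    if actual != claimed:
        raise ValueError("file content does not match an allowed image format")
    return f"{secrets.token_hex(16)}_avatar.{actual}"
```

The stored file should additionally live in a directory the web server is configured not to execute scripts from, so that a validation bypass still cannot yield code execution.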

Exploit-DB raw data:

[~] Flax Article Manager 1.1 Remote File Upload Vulnerability
[~]
[~] ----------------------------------------------------------
[~] Discovered By: S.W.A.T.   svvateam@yahoo.com
[~]
[~] Home: www.batlagh.com
[~]
[~] Script Page: http://www.clixint.com/products/articles
[~]
[~] Dork: Copyright 2006 © Flax Article Manager v1.1
[~] -----------------------------------------------------------

Xpl:

1.First Register Into The Site ( link: www.site.com/[path]/register.php )

2.Login With Your Username & Password

3.Choose A Picture For Your Avatar You Can Use All Extension File Ex: c99.php
[In Edit Profile] Or [Register Page] You Can Select The File

4.Your Shell Will Appear In This Folder ( link: www.site.com/[path]/images/author_pics/[random id]_avatar.php )

5.Go To This Url: www.site.com/[path]/profile.php?author_id=[Your Author ID] Then Right Click On The Pic And Use Properties To Find Out The Link Of Shell Script

6.Hack The Site ;)


Demo:

http://www.articlesitedemo.com



[~] Me:

I'll Be  A C I D A L !!!

# milw0rm.com [2009-01-27]