Vendor: Image Store
By: Mr.FireStormm
CVSS: 7.5 (HIGH)
CWE-434: Remote File Upload Vulnerability
Product Name: Image Store
Affected Version From: Image Store V 1.0
Affected Version To: Image Store V 1.0
Patch Exists: N/A
Related CWE: N/A
CPE: a:scriptidea:image_store:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2010

Image Store Remote file Upload Vulnerability

A vulnerability in Image Store V 1.0 allows an attacker to upload a malicious file to the server because the upload check relies on the client-supplied Content-Type header. By changing that header with a tool such as Live HTTP Headers from application/octet-stream to image/jpeg, the attacker gets the malicious file accepted. The uploaded file can then be accessed at http://www.site.com/imagestore/images/06-08-2010_shell.php

Mitigation:

Ensure that the application only accepts an allow-list of valid file types and that it validates the file type on the server side, based on the file's actual content and extension rather than the client-supplied Content-Type header, before the file is stored.
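The following is an added illustration of that mitigation, not Image Store's code: a server-side check that decides purely on the file's magic bytes and extension, so a spoofed Content-Type header like the one in this advisory has no effect. The allow-list, the `stored_name` helper and the sample inputs are constructed for the example.

```python
import os

# Allow-listed image types identified by their leading bytes, never by the
# client-supplied Content-Type header (assumed allow-list for this example).
ALLOWED_SIGNATURES = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}
NORMALISE = {"jpeg": "jpg"}


def detect_image_type(data: bytes):
    """Return the image type implied by the file's magic bytes, or None."""
    for magic, kind in ALLOWED_SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def validate_upload(filename: str, data: bytes, content_type: str):
    """Return (accepted, reason). content_type is reported only, never trusted."""
    base = os.path.basename(filename)
    # Only the final extension counts, so names like "x.jpg.php" are rejected.
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension '{ext}' not allowed (claimed {content_type})"
    kind = detect_image_type(data)
    if kind is None:
        return False, f"content is not an allowed image (claimed {content_type})"
    if NORMALISE.get(ext, ext) != kind:
        return False, f"content is {kind} but extension is {ext}"
    return True, f"accepted as {kind}"


def stored_name(kind: str, token: str) -> str:
    """Server-chosen name: opaque token plus the validated type's extension,
    so the client's original filename never reaches the filesystem."""
    return f"{token}.{kind}"


# Constructed samples: a non-image with a spoofed Content-Type, as in the
# advisory, and a file with a genuine JPEG header.
SPOOFED = ("shell.php", b"<?php /* constructed non-image */ ?>", "image/jpeg")
GENUINE = ("photo.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16, "image/jpeg")

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE):
        print(sample[0], validate_upload(*sample))
```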

Exploit-DB raw data:

================================================================================
                 Image Store Remote file Upload Vulnerability
================================================================================



################################################################################

# Name: Image Store V 1.0

# Date: 09-06-2010

# vendor: http://www.scriptidea.net/imagestore/

# Price: $199.00

# Discovered By: Mr.FireStormm

# Contact : Fire_stormm2003@hotmail.com

# MY Team : TeaM HacKer Egypt

# MY Web  : http://gaza-hacker.com/cc/
################################################################################


Hello everyone

STEP 1: upload shell.php

STEP 2: using Live HTTP Headers, change the (Content-Type) header from Content-Type: application/octet-stream to

Content-Type: image/jpeg

Your shell is uploaded now at http://www.site.com/imagestore/images/06-08-2010_shell.php

Example:

http://www.scriptidea.net/imagestore/



Special Thanks To My Best Friends: Dr.SiLnT HilL, Mr.Alsaeek

################################################################################