header-logo
Suggest Exploit
vendor:
Living Local V1.1
by:
Bgh7
9.3
CVSS
HIGH
Remote File Upload Vulnerability
434
CWE
Product Name: Living Local V1.1
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: Yes
Related CWE: N/A
CPE: a:living_local:living_local_v1.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Living Local V1.1 Remote File Upload Vulnerability

Living Local V1.1 is prone to a remote file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Mitigation:

The vendor has released a patch to address this issue. Users are advised to upgrade to the latest version.
Source

Exploit-DB raw data:

Authot: Bgh7
 
Home: http://ozelteam.com - Turk Bilisim Gücleri
 
Pst: bybgh7@msn.com
 
=============================
 
Dork: allinurl:clientsignup.php "classifieds"
 
Dork2: Powered By: Living Local V1.1
 
Demo: http://www.jerseyads.net/listtest.php?r="><script>alert()</script>
 
Demo2: http://homes.relatedlistings.com/Member_Admin/logo/cca55760b985b02c1b9d7fac606shell.php
 
http://homes.relatedlistings.com/Member_Admin/
 
E-Mail: bybgh7@msn.com
Password: tbg1122
=============================
 
you must register to site ( direckt register link: http://localhost/script_path/registerlandlord.php ) ( siteye uye ol )

and login ( direckt link: http://localhost/script_path/Member_Admin/index.php ) ( giris yap )

after edit your banner ( direckt link: http://localhost/script_path/Member_Admin/editimage.php?clientid=[MemberAdminPass] )

or first click "Edit Account Info" after click "Your Logo" Edit button ( "Edit Account Info" yazýsýna tIkla sonra da edit butonuna tIkla )

and open new page. you click gozat button and select your_sheell.php ( acIlan yeni sayfada senin hazIr shell i upload et )

after click to submit button. you should see "Your image will be review." ( "Your image will be review." bu yazIyI gormelisin )

if you see "Your image will be review." your shell upload succesfull. ( gorduysen yukleme basarIlI )

after repeat click to "Edit Account Info" and open page. your logo right click and properties select this link copy

after paste your explorer go your_shell.php ( sonra yine "Edit Account Info" yazIsIna Týkla

acIlan sayfada logonun ustunde sag tIkla ozellikleri Týkla linki kopyala sonrada shelle ulas )
 
 
==========================
 
Thanks: str0ke - ÇılgınTurk

# milw0rm.com [2008-12-10]

Navigation

Suggest Exploit

Services By CQR