Vendor: Memberkit
By: Lo$er
CVSS: N/A
Vulnerability type: Remote File Upload
CWE: 434
Product Name: Memberkit
Affected Version From: 1
Affected Version To: 1
Patch Exists: Unknown
Related CWE: None
CPE: a:memberkit:memberkit:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Year: 2008

Memberkit 1.0 Remote File Upload

After registering and logging in, a user can upload any type of file in 'My Picture Album' where a picture would usually be uploaded. For example, if the file 'shell.php' was uploaded to somesite.com, its location would likely be http://somesite.com/uploads/pictures/pictures/[user]/[picture number]_shell.php. The location of the file can also easily be found by using your browser's 'view image' function where the image would appear regularly.

Mitigation:

Validate and sanitize user-supplied file names and file contents on the server side before accepting any upload, so that the picture album only stores actual image files.
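As an added, defender-side illustration of that mitigation (example code, not from Memberkit or from the advisory): a server-side check for a picture-album upload that allow-lists image extensions, verifies the file's leading bytes match the claimed type, and replaces the user-supplied name with a server-chosen one. The type table, function names and sample inputs are constructed for this example.

```python
import os
import secrets

# Allow-list of image types the album accepts: extension -> accepted leading bytes.
# (Constructed table; extend it only with types the application really renders.)
ALLOWED_TYPES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


class UploadRejected(ValueError):
    """Raised when an upload fails any server-side check."""


def detect_image_type(data: bytes):
    """Return the allow-listed type whose magic bytes open `data`, or None."""
    for ext, prefixes in ALLOWED_TYPES.items():
        if any(data.startswith(p) for p in prefixes):
            return ext
    return None


def validate_upload(filename: str, data: bytes, max_bytes: int = 2_000_000) -> str:
    """Check name, size and content; return a safe, server-chosen storage name.

    The returned name never contains any part of the user-supplied filename, so
    a name such as 'shell.php' or 'x.php.jpg' cannot influence how the file is
    stored or served. Store the result outside the web root (or in a directory
    where the web server never executes scripts) to close the gap fully.
    """
    if not data or len(data) > max_bytes:
        raise UploadRejected("empty or oversized file")
    base = os.path.basename(filename)  # drop any path components the client sent
    parts = base.lower().split(".")
    if len(parts) != 2 or parts[1] not in ALLOWED_TYPES:
        # Rejects 'shell.php', names without an extension and double extensions.
        raise UploadRejected("extension not allowed")
    actual = detect_image_type(data)
    if actual is None:
        raise UploadRejected("content is not a recognised image")
    if ALLOWED_TYPES[actual] != ALLOWED_TYPES[parts[1]]:
        raise UploadRejected("extension does not match file content")
    # Random token plus an extension derived from the verified content, not the name.
    return f"{secrets.token_hex(16)}.{actual}"


def is_accepted(filename: str, data: bytes) -> bool:
    """Convenience wrapper: True if validate_upload() accepts the file."""
    try:
        validate_upload(filename, data)
        return True
    except UploadRejected:
        return False
```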

Exploit-DB raw data:

=================================================================
=================Memberkit 1.0 Remote File Upload================
=================================================================

Vendor: http://www.memberkit.com/
Discovered: 12-30-08
Discovered By: Lo$er

====Exploit====

After registering and logging in, a user can upload any type of file in "My Picture Album" where a picture would usually be uploaded.
For example, if the file "shell.php" was uploaded to somesite.com, its location would likely be

http://somesite.com/uploads/pictures/pictures/[user]/[picture number]_shell.php

The location of the file can also easily be found by using your browser's "view image" function where the image would appear regularly.

===<3===
lots of lub to (irc.)r00tsecurity.org and all of #r00tsecurity

# milw0rm.com [2009-01-01]