Vendor: Musicbox
By: indoushka
CVSS: 8,8 (HIGH)
Bug: Upload Shell
CWE: 434
Product Name: Musicbox
Affected Version From: 3.3
Affected Version To: 3.3
Patch Exists: NO
Related CWE: N/A
CPE: a:shalwan_enterprises:musicbox:3.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)
2010

Musicbox Version 3.3 Upload Shell Vulnerability

Musicbox Version 3.3 is affected by an upload shell vulnerability. The up.php page accepts file uploads without registration, so an attacker can upload a shell and then reach it at the Ch99.php page under the audio/ directory.

Mitigation:

Restrict access to the up.php page and ensure that all uploaded files are scanned for malicious content.
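
One way to check web server access logs for the pattern this advisory describes, as an added example that is not part of the original advisory: a POST to up.php followed by a request for a script file under audio/. The log lines are constructed samples in Apache combined format; the function name `find_suspicious` and the list of script extensions are assumptions made for this example.

```python
import re

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2010:10:01:02 +0000] "GET /version3.3/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2010:10:01:40 +0000] "POST /version3.3/up.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2010:10:01:55 +0000] "GET /version3.3/audio/Ch99.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2010:10:02:10 +0000] "GET /version3.3/audio/track01.mp3 HTTP/1.1" 200 4194304 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2010:10:03:00 +0000] "POST /version3.3/up.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2010:10:03:30 +0000] "GET /version3.3/audio/song.mp3 HTTP/1.1" 200 3145728 "-" "Mozilla/5.0"
192.0.2.15 - - [12/Mar/2010:10:04:00 +0000] "GET /version3.3/audio/x.PHP?c=1 HTTP/1.1" 404 300 "-" "curl/7.19"
"""

# client, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
UPLOAD_RE = re.compile(r'/up\.php$', re.I)
# Script-like extensions that should never be served from a media directory
# (assumed list; extend to match the handlers your server maps to PHP).
SCRIPT_IN_AUDIO_RE = re.compile(r'/audio/[^/]+\.(?:php\d?|phtml|phar)$', re.I)


def find_suspicious(log_text):
    """Return (client, path, status, uploaded_first) for script requests in audio/."""
    uploaders = set()   # clients that have POSTed to up.php so far
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue    # skip lines that are not in the expected format
        client, method, target, status = m.groups()
        path = target.split("?", 1)[0]   # ignore the query string
        if method == "POST" and UPLOAD_RE.search(path):
            uploaders.add(client)
        elif SCRIPT_IN_AUDIO_RE.search(path):
            findings.append((client, path, int(status), client in uploaders))
    return findings


if __name__ == "__main__":
    for client, path, status, uploaded in find_suspicious(SAMPLE_LOG):
        # A served script from a client that uploaded first is the strongest signal.
        level = "HIGH" if uploaded and status == 200 else "review"
        print(f"[{level}] {client} requested {path} -> {status}")
```

A 200 response for a script under audio/ also means the server executes or serves scripts from the upload directory, which is worth checking alongside access to up.php.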

Exploit-DB raw data:

========================================================================================                  
| # Title    : Musicbox Version 3.3 Upload Shell Vulnerability            
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : www.iqs3cur1ty.com             
| # Script   : COPYRIGHT 2010 - Musicbox Version 3.3 Product of Shalwan Enterprises      
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)       
| # Bug      : Upload Shell                                                                      
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1- http://127.0.0.1/version3.3/up.php (Upload Ev!l Without Register)
 
 2- http://127.0.0.1/version3.3/audio/Ch99.php (2 Find Ev!l)
 
Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------