Vendor: Complete Customizable Classifieds
Author: ZoRLu
CVSS: N/A
Type: Remote File Upload
Product Name: Complete Customizable Classifieds
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Year: 2008

PHPStore Complete Customizable Classifieds Remote File Upload

The PHPStore Complete Customizable Classifieds application accepts arbitrary files through its listing-logo upload, which lets an authenticated user place a PHP web shell on the server and execute commands as the web server account. An attacker registers an ordinary account, prepends the GIF signature `GIF89a;` to a PHP shell so that the upload is accepted as an image, and uploads the file as a listing logo via Add Listing. The application keeps the client-supplied filename and extension, so the shell becomes reachable at localhost/script/yellow_images/[ID]_logo_your_shell.php and is executed as PHP when requested.

Mitigation:

No patch is recorded for this issue (Patch Exists: NO above), so operators must harden the upload handler and the web server themselves. Accept only an allowlist of image extensions and verify that the content actually parses as that image type; a magic-byte or getimagesize()-style check alone is not sufficient, because the `GIF89a;` prefix is exactly what defeats it. Store each upload under a server-generated name with a fixed image extension instead of the uploaded filename, and configure the web server so that nothing under yellow_images/ is executed as PHP (or keep uploads outside the web root and serve them through a download script). Requiring registration is not a control here: the exploit uses a self-registered account.

Exploit-DB raw data:

PHPStore Complete Customizable Classifieds Remote File Upload

Author: ZoRLu  msn: trt-turk@hotmail.com

home: www.z0rlu.blogspot.com

Note: loneliness lost its meaning in my loneliness : ( (

-----------------------------------------


exploit:


first register on the site

add this code to the head of your shell:

GIF89a; 

example your_shell.php:

GIF89a;
<?

...

...

...

?>

and save it as your_shell.php

log in to the site, click Add Listing, and on the new page upload your_shell.php as the logo

your_shell.php path:

localhost/script/yellow_images/[ID]_logo_your_shell.php

---------------------------------------------

example for demo:

login: http://www.phpstore.info/demos/cars/login.php

user: zorlu

passwd: zorlu1

shell: (no permission on the demo server)

http://www.phpstore.info/demos/classifieds1/yellow_images/1226242317_logo_c.php 


http://www.phpstore.info/demos/classifieds1/yellow_images/ (look here and you will see the shell 1226242317_logo_c.php)

------------------------------------------------

thanks: str0ke & yildirimordulari.org  &  darkc0de.com

# milw0rm.com [2008-11-10]