Vendor: SAS Hotel Management System
By: ZoRLu
CVSS: 8.8 (HIGH)
Type: Remote Shell Upload
CWE: 434 (Unrestricted Upload of File with Dangerous Type)
Product Name: SAS Hotel Management System
Affected Version From: Prior to 1.0.1
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

SAS Hotel Management System Remote Shell Upload

The SAS Hotel Management System lets an unauthenticated visitor register an account through register_hotel.asp and attach a profile photo. The photo field does not restrict the uploaded file to an image: the published exploit uploads an ASP web shell (shell.asp) with the GIF header string GIF89a; prepended, which suggests the application only looks for an image header rather than checking the extension or content. The file is stored under its original name in the web-served upload_images directory, so the attacker can request /upload_images/shell.asp and the server executes it as ASP, giving remote code execution on the web server. This vulnerability affects versions prior to 1.0.1.

Mitigation:

Upgrade to version 1.0.1 or later.
Source

Exploit-DB raw data:

[~] SAS Hotel Management System Remote Shell Upload
[~]
[~] Demo: http://www.aebest.com/home/home.asp
[~] ----------------------------------------------------------
[~] home: yildirimordulari.com   if you want help you must register on my site and I will help you xD
[~]
[~] home: yildirimordulari.com   if you want help you must become a member of the site xD
[~]
[~] author: ZoRLu  msn: trt-turk@hotmail.com  
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] Date:17/02/09
[~]
[~] My Best Friend: Dr.LY0N
[~] -----------------------------------------------------------

Add this line at the top of your shell:

GIF89a;

Then go here: http://www.yildirim.com/register_hotel.asp

Select your photo, but the photo must be your shell.asp

After you finish registering,

your shell is here: http://www.yildirim.com/upload_images/shell.asp

For the demo:

here:  http://www.aebest.com/home/register_hotel.asp

shell: http://www.aebest.com/upload_images/z.asp

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & Dr.LY0N & z3h!r & HEAD_HUNTER and yildirimordulari.com all users
[~]
[~] yildirimordulari.com  &  experl.com & z0rlu.blogspot.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2009-02-17]