Upload_images Script (-7777) Upload Shell Vulnerability

vendor:

Upload_images Script (-7777)

by:

cyberlog

8,5

CVSS

HIGH

Upload Shell Vulnerability

N/A

CWE

Product Name: Upload_images Script (-7777)

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2010

Upload_images Script (-7777) Upload Shell Vulnerability

Upload_images Script (-7777) is prone to an arbitrary file-upload vulnerability because it fails to adequately sanitize user-supplied input. An attacker can exploit this issue to upload arbitrary PHP code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Mitigation:

No known mitigation

Source

Exploit-DB raw data:

======================================================================
Upload_images Script (-7777) Upload Shell Vulnerability
======================================================================



1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                    I'm cyberlog  member from Inj3ct0r Team            1
1                    ######################################            0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1



Upload_images Script (-7777) Upload Shell Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Scripts         : v2marketplacescript
Tested on	: Linux
Scripts site    : http://marketplacescript.net/
Discovered By   : cyberlog
date 		: 04-20-10
My Site         : http://www.sekuritionline.net
IRC Channel     : #sekuritionline
Special To      : inj3ct0r.com, adhietslank, k1n9k0ng, cah_gemblunkz, jayoes, thesims, setiawan,irvian, cr4wl3r, EA_Angel, BlueSpy, SoEy, A-technique, SarifJedul
keydork		: "Copyright 2009 MarketplaceScript.net" or ur can modification
exploit		: http://localhost/path/upload_test.php  -- u can upload BackDooR shell -
                  http://localhost/path/upload_images.php  -- View BackDooR Shell -

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++