VideoIsland Remote shell upload Vulnerability

vendor:

VideoIsland

by:

RENO

7.5

CVSS

HIGH

Remote shell upload

434

CWE

Product Name: VideoIsland

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

VideoIsland Remote shell upload Vulnerability

VideoIsland is vulnerable to a remote shell upload vulnerability. An attacker can upload a malicious PHP shell to the server by exploiting the File Uploader feature in the VideoManager section of the application. The malicious file can be accessed at http://localhost/Path/Storage/reno.php

Mitigation:

Ensure that the application is configured to only allow the upload of files with the appropriate file extensions and that the application is configured to only allow the upload of files to a directory outside of the web root.

Source

Exploit-DB raw data:

---------------------------------------
VideoIsland Remote shell upload Vulnerability
---------------------------------------

 #####################################################
 # [+] Author        :  RENO                         #
 # [+] Email         :  R7e@HoTMaiL.coM              #
 # [+] Site :  www.vxx9.cc                           #
 # [+] Team :  SauDi ViRuS TeaM                      #
 # [+] Dork : search for it :p                       #
 # [+] Script : VideoIsland                          #
 #####################################################




[+] demo : http://www.giantisland.com/VideoIsland/
[+] price : $29.00


Exploit :

how to do it :

1-Get in the site
2-go to VideoManager
3- selcet Upload
4-from the File Uploader upload your phpshell

-------------

you will find it in :

http://localhost/Path/Storage/reno.php


good luck :D

Thanks to : Allah ..


Greets : Dr.php , ! BaD BoY ! , Jetli007 , Gov.Hacker , AnTi SeCuRe , Dr.$audi , All Vxx9.Cc Members