扫码分享
验证:
体验盒子
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 | [!]===========================================================================[!] [~] Kleophatra 0.1.4 0day Arbitrary Upload File Vulnerability [~] Author : Xr0b0t (xrt.interpol@gmx.us) [~] Homepage : www.indonesiancoder.com | xrobot.mobi | mc-crew.net | exploit-id.com [~] Date : 18 Mart, 2010 [~] Tested on : BlackBuntu RC2 [!]===========================================================================[!] [ Software Information ] [+] Vendor : http://portal.kleophatra.org [+] Download : http://releases.kleophatra.org/kleophatra.zip [+] Price : free [+] Vulnerability : Upload File [+] Dork : "powered by Kleophatra" ;) [+] Version : Kleo 0.1.4 [!]===========================================================================[!] Vulnerable Javascript Source Code: in users.php ------------------------------------------------------------------------ function show_avatar(&$abuff){ $uid = $_SESSION['uid']; $this->tpl_load('avatar.tpl', $abuff); if(isset($_POST['do_avatar'])){ $this->do_avatar(); } } ------------------------------------------------------------------------ in avatar.tpl ------------------------------------------------------------------------ <div align="center"> <h1>{=lang(L_CHANGE_AVATAR)}</h1> <form method="post" enctype="multipart/form-data"> {=lang(L_AVATAR)}:<br/> <input type="file" name="avatar" id="avatar" style="height:25px;" /><br/><br/> <input type="submit" name="do_avatar" value="{=lang(L_CHANGE_AVATAR)}" /><br/><br/> </form> </div> ------------------------------------------------------------------------ [ Default Site ] http://127.0.0.1/kleo/ [ XpL ] [~] Step 1 : Find A CMS With Google Dork [~] Step 2: Register In This Site [~] Step 3: Click On Change Your Avatar [~] Step 4: Click On Upload Images [~] Step 5: Click On File Will Be Uploaded ( Uploaded The File *.php or *.jgp) [~] Step 6: And Click on Change Your Avatar [~] Step 7: You Will See the file media/avatars/"username"/"the file" [ Demo ] Site : http://127.0.0.1/kleo/ exploit : http://127.0.0.1/kleo/index.php?module=users&action=avatar "Upload The shell.php in change your avatar" Result : http://127.0.0.1/kleo/media/avatars/Xr0b0t/shell.php with a default configuration of this script, an attacker might be able to upload arbitrary files containing malicious PHP code due to multiple file extensions isn't properly checked Goo The IndonesianCoder!!! [!]===========================================================================[!] [ Thx TO ] [+] Don Tukulesto DUDUl Kok G rene2... Kal0ng 666 Cepet Jadikan Ntu PRoyek [+] INDONESIAN CODER TEAM IndonesianHacker Malang CYber CREW Magelang Cyber [+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot [+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck [+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,Yur4kha,Geni212 [ NOTE ] [+] OJOK JOTOS2an YO .. [+] Minggir semua Arumbia Team Mau LEwat ;) [+] MBEM : lup u :"> [ QUOTE ] [+] INDONESIANCODER still r0x... [+] ARUmBIA TEam Was Here Cuy MINGIR Kabeh KAte lewat .. [+] Malang Cyber Crew & Magelang Cyber Community |
体验盒子
