
odlican cms v.1.5 remote file upload vulnerability

Author: 73o
Risk: [ Security Risk Unsorted ]
0day-ID: 0day-ID-10766
Category: web applications
Date add: 05-02-2010
Platform: unsorted
==================================================
odlican cms v.1.5 remote file upload vulnerability
==================================================

#odlican.net cms v.1.5 remote file upload vulnerability
 
 
#you can download following cms here
#http://cms.odlican.net/files/cmsv1-5.zip
 
 
 
#Info: odlican.net cms v.1.5 is a simple open-source CMS made by Croatian web designers, and it has a serious flaw.
 
 
#dork:Powered by odlican.net cms v.1.5
 
 
 
#What is vulnerable?
 
This is the vulnerable part of the code from upload.php; it will upload any file to the /cms/files/ folder (including dangerous PHP scripts).
 
if ( isset($_POST['pokreni'])){
     $target_path = "files/";
     // The client-supplied file name is used as-is: no extension or size check.
     $target_path = $target_path . basename( $_FILES['uploadedfile']['name']);
     if(move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
          echo "Datoteka ". basename( $_FILES['uploadedfile']['name']). " je snimljena na server";
     } else {
          echo "Došlo je do greške pokušajte ponovno!";
     }
}
 
 
 
 
#There should be code that filters out extensions such as .php.
 
#Fix that code: make the script check the extension and the size of the file.
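
#Added example (not part of the original advisory and not odlican.net code): one way to write the upload.php handler with the extension and size checks recommended above. The allow-list, the 2 MiB limit, the STORE_DIR location and the validate_upload() helper are assumptions chosen for illustration.

```php
<?php
// Added example, not odlican.net code. The allow-list, size limit and
// storage directory below are assumptions chosen for illustration.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];
const MAX_BYTES   = 2 * 1024 * 1024;                 // 2 MiB
const STORE_DIR   = __DIR__ . '/../upload_store/';   // hypothetical, outside the web root

// Validate one $_FILES entry; return a server-generated name, or null if rejected.
function validate_upload(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;                                  // failed or missing upload
    }
    $size = $file['size'] ?? 0;
    if ($size <= 0 || $size > MAX_BYTES) {
        return null;                                  // size check
    }
    // Require exactly "name.ext": rejects "script.php", "script.php.jpg",
    // ".htaccess" and names with no extension at all.
    $parts = explode('.', strtolower(basename($file['name'] ?? '')));
    if (count($parts) !== 2 || $parts[0] === '' || !in_array($parts[1], ALLOWED_EXT, true)) {
        return null;
    }
    // Never reuse the client-supplied name on disk.
    return bin2hex(random_bytes(16)) . '.' . $parts[1];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample entries shaped like $_FILES['uploadedfile'].
    foreach (['photo.jpg', 'script.php', 'script.php.jpg', '.htaccess', 'notes'] as $name) {
        $entry = ['name' => $name, 'size' => 1024, 'error' => UPLOAD_ERR_OK, 'tmp_name' => ''];
        echo $name, ' => ', validate_upload($entry) === null ? 'rejected' : 'accepted', PHP_EOL;
    }
} elseif (isset($_POST['pokreni'], $_FILES['uploadedfile'])) {
    $stored = validate_upload($_FILES['uploadedfile']);
    if ($stored !== null
        && move_uploaded_file($_FILES['uploadedfile']['tmp_name'], STORE_DIR . $stored)) {
        echo "Datoteka je snimljena na server";
    } else {
        http_response_code(400);
        echo "Došlo je do greške pokušajte ponovno!";
    }
}
```

#Run from the command line, the script only exercises validate_upload() on the constructed names; served over HTTP, it handles the same "pokreni" form post as the original handler.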



