[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Kwalbum <= 2.0.2 Arbitary File Upload Vulnerability

Author
CWH Underground
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3830
Category
web applications
Date add
02-10-2008
Platform
unsorted
===================================================
Kwalbum <= 2.0.2 Arbitary File Upload Vulnerability
===================================================


==========================================================
  Kwalbum <= 2.0.2 Arbitrary file upload Vulnerabilities
==========================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 3 October 2008

##################################################################
APPLICATION : Kwalbum
VERSION     : <= 2.0.2
DOWNLOAD    : http://downloads.sourceforge.net/kwalbum/kwalbum-2.0.2.zip
##################################################################

-----------------
Description:
-----------------
After registeration, you may obtain view, upload or admin permission.
If you obtain an upload permission, you can upload php files which can access as a below example url.

-----------
Exploit:
-----------
[+] upload page: http://[target]/[path to kwalbum]/?p=UploadItems
[+] exploit file format: http://[target]/[path to kwalbum]/[path to store image]/[year]/[month]/shell.php
[+] exploit file example: http://[target]/[path to kwalbum]/items/08/10/shell.php


#####################################################################



#  0day.today [2024-11-15]  #