
PHPBoost 3.0 (upload.php) File Upload vulnerability

Author: TUNISIAN CYBER, Published: 09-12-2013


[+] Author: TUNISIAN CYBER
[+] Exploit Title: PHPBoost 3.0 (upload.php) File Upload vulnerability
[+] Date: 9-12-2013
[+] Category: WebApp
[+] Vendor: http://www.phpboost.com/
[+] Download: http://www.phpboost.com/download/file-111+phpboost-3-0-complete.php
[+] Google Dork: intext:"Boosté par PHPBoost 3.0"
[+] Tested on: Win7, Ubuntu 13.04


########################################################################################

1/Register:
http://127.0.0.1/member/register.php

2/Activate your account
3/Login
4/Go to http://127.0.0.1/phpboost/member/upload.php
5/Upload your file, ex: c99.jpg/tc.txt

Proof:
From Local: http://oi39.tinypic.com/vd0qvc.jpg
From Remote: http://oi39.tinypic.com/io3n01.jpg

File Upload Result:
http://www.sit-m-les-bijoux.fr/upload/tc.txt

./3nD
########################################################################################
Greets to: XMaXtn, N43il HacK3r, XtechSEt
