Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17774
HistoryAug 14, 2007 - 12:00 a.m.

Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability

2007-08-1400:00:00
vulners.com
17
JSON

Neuron Blog Admin Permission Bypass and Remote File Upload Vulnerability

Script : Neuron Blog

Version : 1.1

Site : http://dev.localhost.be/?q=detail-script&id=11

Founder : Rizgar

Contact : [email protected] and irc.gigachat.net #kurdhack

Thanks : KHC,PH,ColdHackers and all Kurdish script kiddies/hax0rs/lame/l33t/

d0rk : "neuron blog powered"

Vulnerability details:

This blog the prepare persons to in "/admin" page to the entrance of far away did't hinder. To reach of far away to be done is necessary just a "click" :) www.site.com/admin

The effect area : The modules in admin

Let us look at now /admin/pages/blog-add.php ;

lines = 42 finish 55

<b>file:</b><br/>
<input type="hidden" name="MAX_FILE_SIZE" value="1024000" />
<input name="uploadfile" type="file" />

<p></p>

<b>filetype:</b><br/>
<select name="filetype">
<option value=""></option>
<option value="photo">photo</option>
<option value="document">document</option>
</select>

<p></p>

<input type="submit" name="submit" value="add blog item!" />
</form>

Note : If you join the admin modules add blog will get out. You can throw the file to website :) you can find your file in the link is /example/uploads or anyway can you see the homapage :)

Now relative the PoC

http://www.site.com/admin/blog-add.php

http://www.site.com/uploads/phpshell.php :]

and upload your files :) there is two is choose 1) photo 2) documents

JSON