Home page logo
/

bugtraq logo Bugtraq mailing list archives

upload malicious file in VBZooM forums
From: hish _ hish <hish_hish565 () hotmail com>
Date: 9 Oct 2002 15:21:09 -0000



Name:    VBZooM
Version Affected:  tested on v1.01 maybe other version vulnerable also
Severity:  Critical
Category: upload system
Vendor URL:   http://www.vbzoom.com
Author:   hish_hish <hish_hish565 () hotmail com>
Date:  discloused on 28th Aug 2002
           published at 8th oct 2002

Description
***********
VBZooM is bulletin board system which written in php,
the problem lay on file upload system, the script uses JavaScript to check 
for valid extinsions.
and you can bypass this check in two ways (see Details).
 
 
Details
*******
there are two ways to bypass the JavaScript file extinsion check,

1st :
 you should be a member in the victim script,
 and go to make new subject, now save the page in your hard drive
 and remove the JavaScript code    // at the last of the page
 and make some changes in <form action="add-subject.php ......>
 to <form action="http://victim/VBZoom/add-subject.php ....>
 now select your malicious file to upload it (should be .php)
 OK now hit submit bottom , the forum will redirect you to your subject
 douh :) your file waiting you as attachment :)
NOTE : all visitor can see and use your uploaded file , so forget the 1st 
way and see 2nd: .
 
2nd:

 you dont need to be a member in victim forum , just follow me :) .
 http://www.victim.com/VBZooM/add-subject.php?Success=1
 &FileName=SourceFile&FileName_size=500&FileName_name=DistFile
 it will upload your file in "/download" directory.
 now execute your .php file  
http://www.victim.com/VBZooM/download/DistFile  :))
 

Fix Information
***************
contact http://www.vbzoom.com



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault