
Best Top List Remote File Upload Vulnerability






Best Top List Remote File Upload Vulnerability
----------------------------------------------

Script : Best Top List 

Version : All Version 

Site : http://besttoplist.sourceforge.net (Closed) 

Founder : Rizgar

Contact : rizgar@linuxmail.org and irc.gigachat.net #kurdhack 

Thanks : KHC, PH , ColdHackers

d0rk : "Powered by Best Top List by Szymon Kosok v. 2.11" inurl:"banner-upload.php" "Copyright (c) 2002 - Best-Scripts.TK"



----------------------------------------------

Vulnerability details ;

Best Top List contains a vulnerability that allows remote attackers to upload arbitrary files to any directory in the system. The bug is in the script "banner-upload.php". You need a PHP shell script to upload to the server. The files you upload generally appear at www.site.com/banners/shell.php.


POC :



http://www.site.com/path/banner-upload.php 
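
A hardened version of the banner upload handling described above, as an added example that is not part of the original advisory and not Best Top List's own code. The form field name "banner", the "banners" directory beside the script, the 200 KB limit and the function name store_banner() are assumptions made for illustration.

```php
<?php
// Added example, not Best Top List code. Assumed names: form field "banner",
// directory ./banners/, function store_banner(), 200 KB size limit.
const BANNER_DIR = __DIR__ . '/banners';
const MAX_BYTES  = 200 * 1024;
// Accepted image types, mapped to the extension the server assigns itself.
const ALLOWED = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];

function store_banner(array $file): string
{
    // Reject failed uploads and multi-file arrays (error would not be int 0).
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    // Only accept a temp file that PHP itself created for this request.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Decide the type from the file content, never from the client-supplied
    // file name or MIME type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !array_key_exists($info[2], ALLOWED)) {
        throw new RuntimeException('not a GIF, JPEG or PNG image');
    }
    // Server-generated name: no client-controlled path or extension survives.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$info[2]];
    if (!move_uploaded_file($file['tmp_name'], BANNER_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    chmod(BANNER_DIR . '/' . $name, 0644);
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['banner'])) {
    try {
        echo 'stored as ', htmlspecialchars(store_banner($_FILES['banner']));
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage());
    }
}
```

A header check alone can be satisfied by a file that merely starts like an image, so the server-assigned name and extension matter as much as the type check; the web server should also be configured not to execute scripts from the banners directory.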




-----------------------------------------------------------


The code, in one simple form:


> cat banner-upload.php 

echo "

" . $lang['uploadtxt'] . "

>>>>>> see :]
Banner:
" . $lang['siteurlwohttp'] . ":
"; include "footer.php"; ?>
