Free Image Hosting Script Arbitrary File Upload and repair

 

Free Image Hosting Script Remote File Upload Vulnerability

Exploit Title: Free Image Hosting Script [all versions] Remote File

 

Upload Vulnerability

 

Author: ySecurity

Software developer: http://www.photohostingscript.com

Affected Version: All versions supported ted

Defect: Remote File Upload

Test Platform: Windows 7

Developer notified

 

Note: You will ONLY be able to find your shell if the "/pictures"

 

Directory and if the directory is not forbidden.

 

 

This exploit allows hackers to upload a PHP backdoor into "/pictures /"

 

Directory via the use of Live HTTP Headers (Firefox Addon)

 

Defect Analysis

 

Tools Needed: Live HTTP Headers, Backdoor Shell

 

 

Step 1: Locate upload form on index page.

 

Step 2: Rename your shell to shell.php.jpg and start capturing data

 

Live HTTP Headers

 

Step 3: Enter tags for the image (can be anything)

 

Step 4: Replay data with Live HTTP Headers-

 

Step 5: Change [Content-Disposition: form-data; name = "image1 ";

 

Filename = "shell.php.jpg" \ r \ n] to [Content-Disposition: form-data;

 

Name = "image1"; filename = "shell. php" \ r \ n]

 

Step 6: Locate pictures directory:

 

Www.2cto.com/imagehostingscript/pictures/(usually)

 

Step 7: Find PHP file (random digits. php) = shocould look like

 

(321879194bc8ff2843bf7b63a666f665. php)

 

Step 8: Navigate to backdoor =

 

Www.2cto.com/imagehostingscript/pictures/321879194bc8ff2843bf7b63a666f665. php