Free Image Hosting Script Remote File Upload Vulnerability
Exploit Title: Free Image Hosting Script [all versions] Remote File
Upload Vulnerability
Author: ySecurity
Software developer: http://www.photohostingscript.com
Affected Version: All versions supported ted
Defect: Remote File Upload
Test Platform: Windows 7
Developer notified
Note: You will ONLY be able to find your shell if the "/pictures"
Directory and if the directory is not forbidden.
This exploit allows hackers to upload a PHP backdoor into "/pictures /"
Directory via the use of Live HTTP Headers (Firefox Addon)
Defect Analysis
Tools Needed: Live HTTP Headers, Backdoor Shell
Step 1: Locate upload form on index page.
Step 2: Rename your shell to shell.php.jpg and start capturing data
Live HTTP Headers
Step 3: Enter tags for the image (can be anything)
Step 4: Replay data with Live HTTP Headers-
Step 5: Change [Content-Disposition: form-data; name = "image1 ";
Filename = "shell.php.jpg" \ r \ n] to [Content-Disposition: form-data;
Name = "image1"; filename = "shell. php" \ r \ n]
Step 6: Locate pictures directory:
Www.2cto.com/imagehostingscript/pictures/(usually)
Step 7: Find PHP file (random digits. php) = shocould look like
(321879194bc8ff2843bf7b63a666f665. php)
Step 8: Navigate to backdoor =
Www.2cto.com/imagehostingscript/pictures/321879194bc8ff2843bf7b63a666f665. php