PodHawk 1.85 Shell Upload

PodHawk 1.85 Shell Upload: Posted Jun 23, 2013; Authored by CWH Underground; PodHawk version 1.85 suffers from a remote shell upload vulnerability.; tags | exploit, remote, shell; SHA-256 | 66127ace927c9b025512d07ab5c3b575ddacf360ed2d83034adf295a340d4e7e; Download | Favorite | View

PodHawk 1.85 Shell Upload

# Exploit Title   : PodHawk Arbitary File Upload Vulnerability
# Date            : 23 June 2013
# Exploit Author  : CWH Underground
# Site            : www.2600.in.th
# Vendor Homepage : http://podhawk.sourceforge.net
# Software Link   : http://jaist.dl.sourceforge.net/project/podhawk/podhawk/podhawk_1_85/podhawk_1_85.zip
# Version         : 1.85
# Tested on       : Window and Linux
  
  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O .. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /        
  / XXXXXX /
 (________(          
  `------'
  
#####################################################
VULNERABILITY: Unrestricted File Upload 
#####################################################
  
/podhawk/uploadify/uploadify.php (LINE: 33-44)
 
----------------------------------------------------------------------------- 
if (!empty($_FILES))
{
  if ($_GET['upload_type'] == 'audio')
  {
    $writable = 'upload';
    $targetPath = UPLOAD_PATH;
  }
  else
  {
    $writable = 'images';
    $targetPath = IMAGES_PATH;
  }
-----------------------------------------------------------------------------  
  
#####################################################
DESCRIPTION
#####################################################
  
This application has an upload feature that allows an authenticated user
with Administrator roles or User roles to upload arbitrary files cause remote code execution by simply request it.

#####################################################
EXPLOIT POC
#####################################################
  
1. Log On User account (Author) account
2. Access http://target/podhawk/podhawk/index.php?page=record1
3. Upload a file to the upload folder via "Browse"
4. Upload PHP shell (shell.php) and upload it
5. For access shell, http://target/podhawk/upload/shell.php
6. Server Compromised !!
  
################################################################################################################
 Greetz      : ZeQ3uL, JabAv0C, p3lo, Sh0ck, BAD $ectors, Snapter, Conan, Win7dos, Gdiupo, GnuKDE, JK, Retool2
################################################################################################################

Top Authors In Last 30 Days

Red Hat 237 files
indoushka 172 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

PodHawk 1.85 Shell Upload

PodHawk 1.85 Shell Upload

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PodHawk 1.85 Shell Upload

Share This

PodHawk 1.85 Shell Upload

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems