CVE-2008-6943
Published 2009-08-12
Priority: P3 · 41 · medium · 6.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 3.95% (89.1th percentile)
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/.
No detection rules found.
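The following added example, which is not from this page or any of its sources, scans web-server access logs for the condition the description gives: a direct request to a file with an executable extension inside an upload directory (`pictures/`, plus `cars_images/` and `re_images/` from the sibling advisories listed here). The combined log format, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Upload directories named in the description and advisories on this page.
UPLOAD_DIRS = {"pictures", "cars_images", "re_images"}
# Assumption: extensions this server might hand to an interpreter.
EXEC_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "cgi", "pl"}
# Combined log format: client, timestamp, method, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = """\
192.0.2.10 - - [13/Nov/2008:10:00:01 +0000] "GET /script/pictures/12_cake.jpg HTTP/1.1" 200 48213
192.0.2.10 - - [13/Nov/2008:10:00:05 +0000] "GET /script/recipedetail.php?id=5 HTTP/1.1" 200 9120
198.51.100.7 - - [13/Nov/2008:10:02:11 +0000] "GET /script/pictures/41_test.php HTTP/1.1" 200 312
198.51.100.7 - - [13/Nov/2008:10:02:40 +0000] "GET /script/cars_images/7_logo_a.PHP?x=1 HTTP/1.1" 404 210
198.51.100.7 - - [13/Nov/2008:10:03:02 +0000] "GET /script/re_images/9_logo_b.php.jpg HTTP/1.1" 200 95
198.51.100.7 - - [13/Nov/2008:10:03:30 +0000] "POST /script/pictures/%34%31_c.phtml/x HTTP/1.1" 200 17
""".splitlines()

def executable_upload(target):
    """Return the script extension if target names a script under an upload dir, else None."""
    segments = [s for s in unquote(urlsplit(target).path).lower().split("/") if s]
    for i, seg in enumerate(segments):
        if seg not in UPLOAD_DIRS:
            continue
        # Every later segment (x.php/extra) and every dotted part (x.php.jpg) counts.
        for name in segments[i + 1:]:
            for ext in name.split(".")[1:]:
                if ext.strip("\x00 ") in EXEC_EXTS:
                    return ext.strip("\x00 ")
    return None

def scan(lines):
    """Return (client, time, method, target, status, ext) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, when, method, target, status = m.groups()
        ext = executable_upload(target)
        if ext:
            hits.append((client, when, method, target, int(status), ext))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Hits with a 200 status deserve review first, since they indicate the file exists in the upload directory and was served.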
Exploit-DB
ScriptsFeed (SF) Auto Classifieds Software - Arbitrary File Upload
exploitdb·2008-11-13
CVE-2008-6944 ScriptsFeed (SF) Auto Classifieds Software - Arbitrary File Upload
---
[~] ScriptsFeed (SF) Auto Classifieds Software Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] -----------------------------------------------------------
Exploit:
http://localhost/script/cars_images/[id]_logo_your_shell.php
you register on the site
register: http://localhost/script/register.php
then you log in to the site
login: http://localhost/script/login.php
after that you go to profile edit
profile: http://localhost/script/
Exploit-DB
ScriptsFeed (SF) Recipes Listing Portal - Arbitrary File Upload
exploitdb·2008-11-13
CVE-2008-6944 ScriptsFeed (SF) Recipes Listing Portal - Arbitrary File Upload
---
[~] ScriptsFeed (SF) Recipes Listing Portal Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] dork: allinurl:"recipedetail.php?id=" ( there are many sites, exploit them : ) )
[~]
[~] -----------------------------------------------------------
Exploit:
http://localhost/script/pictures/[id]your_shell.php
you register on the site
register: http://localhost/script/register.php
then you log in to the site
login: http://localhost/script/login.php
m
Exploit-DB
ScriptsFeed (SF) Real Estate Classifieds Software - Arbitrary File Upload
exploitdb·2008-11-13
CVE-2008-6944 ScriptsFeed (SF) Real Estate Classifieds Software - Arbitrary File Upload
---
[~] ScriptsFeed (SF) Real Estate Classifieds Software Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] -----------------------------------------------------------
Exploit:
http://localhost/script/re_images/[id]_logo_your_shell.php
you register on the site
register: http://localhost/script/register.php
then you log in to the site
login: http://localhost/script/login.php
after that you go to profile edit
profile: http://local
No writeups or analysis indexed.
http://osvdb.org/49960
http://secunia.com/advisories/32690
http://www.securityfocus.com/bid/32293
https://exchange.xforce.ibmcloud.com/vulnerabilities/46607
https://www.exploit-db.com/exploits/7112
Published: 2009-08-12