eXtreme File Hosting Arbitrary RAR File Upload Vulnerability
BID:22498
Info
| Bugtraq ID: | 22498 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-0871 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | hamed bazargani is credited with the discovery of this vulnerability. |
| Vulnerable: | eXtremepow eXtreme File Hosting 0 |
| Not Vulnerable: | |
Discussion
eXtreme File Hosting is prone to an arbitrary file-upload vulnerability because it fails to sufficiently sanitize user-supplied input.
Exploiting this issue could allow an attacker to upload and execute arbitrary PHP script code in the context of the affected webserver process. This may help the attacker compromise the application; other attacks are possible.
Exploit / POC
Attackers can exploit this issue via a web client.
The following exploit is available:
Solution / Fix
References
- eXtreme File Hosting Web Site (eXtreme File Hosting)
- eXtreme File Hosting remote file upload vulnerability ([email protected])