File Upload Attack Analysis

Target Information

  • Target: 192.168.0.127
  • Potential Credentials:
    • board: 123456
    • root: 123456

Identified Upload Vulnerability URLs

Issue Details

The target allows file uploads, but where the uploaded file is stored (and whether it can be executed from there) could not be determined. Following the link to the uploaded file only downloads it; it does not execute.

Key Objectives:

  • Determine the actual storage location of the uploaded files.
  • Methods to identify file location:
    • Upload an image file to deduce the path.
    • Download the source code of the application (if available) and analyze it to identify the file storage location.

Example URL for File Download

http://192.168.0.127/spboard/board.cgi?id=test&number=3.cgi&file=lhs.php.txt&action=down_file
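For reference, the server-side pattern that produces exactly this behaviour (uploads kept outside the web root, handed out only through a download action, and never interpreted as code even when named like lhs.php.txt) is sketched below. This is an added example written for these notes, not the target's board.cgi code; UPLOAD_DIR, FILE_INDEX and the function names are assumptions.

```python
import os
import re
import secrets
import tempfile
from pathlib import Path

# Uploads live OUTSIDE the web root, so no stored file is reachable as a URL
# and the web server never interprets one (e.g. lhs.php.txt) as a script.
# Assumed location; a real deployment would use a dedicated directory.
UPLOAD_DIR = Path(tempfile.gettempdir()) / "board_uploads_example"

# Maps the opaque token given to the client -> (stored name, original name).
# A real application keeps this in its database; a dict stands in for it here.
FILE_INDEX: dict[str, tuple[str, str]] = {}

SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,100}$")


def store_upload(original_name: str, data: bytes) -> str:
    """Store an upload under a random name and return the token used to fetch it."""
    # The client-supplied name is kept only as metadata; it never becomes a path.
    basename = os.path.basename(original_name.replace("\\", "/"))
    if not SAFE_NAME.match(basename):
        raise ValueError("rejected filename")
    token = secrets.token_urlsafe(16)
    stored = f"{token}.bin"                      # uniform extension, never executable
    UPLOAD_DIR.mkdir(parents=True, exist_ok=True)
    (UPLOAD_DIR / stored).write_bytes(data)
    FILE_INDEX[token] = (stored, basename)
    return token


def build_download(token: str) -> tuple[dict, bytes]:
    """Resolve the 'file' parameter (a token) and return (headers, body)."""
    entry = FILE_INDEX.get(token)                # unknown or forged tokens are refused
    if entry is None:
        raise PermissionError("no such file")
    stored, original = entry
    path = (UPLOAD_DIR / stored).resolve()
    if path.parent != UPLOAD_DIR.resolve():      # defence in depth against traversal
        raise PermissionError("path escapes upload dir")
    headers = {
        # Force a download and forbid MIME sniffing, so HTML/JS uploaded as an
        # "image" is never rendered or executed in the site's origin.
        "Content-Type": "application/octet-stream",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": f'attachment; filename="{original}"',
    }
    return headers, path.read_bytes()
```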

Open Source Board Software

  • Zeroboard (제로보드)
  • XpressEngine
  • Gnuboard (그누보드, also written 구누보드)
  • WordPress (워드프레스)
  • Kimsboard (킴스보드)