- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6082
- Проверка EDB
-
- Пройдено
- Автор
- COLD ZERO
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-7088 cve-2008-0251
- Дата публикации
- 2008-07-15
Код:
vBulletin PhotoPost vBGallery v2.x Remote File Upload
Found by : Cold z3ro
e-mail : [email protected]
Home page : www.Hack.ps
==============================
exploit usage :
http://localhost/Forum/$gallery_path/upload.php
here the exploiter can upload php shell via this script
by renamed it's name to $name.php.wmv
but first he should be a user in the forum
thats so important to him cus the uploaded file will be
in his account nomber folder .
example :
user : Cold z3ro
http://www.hackteach.org/cc/member.php?u=4
his account nomber is 4 as shown in link ,
the uploaded file ( shell ) will be in
http://localhost/Forum/$gallery_path/files/4/$name.php.wmv
id the user Cold z3ro have acconut nomber as example ( 12345 )
the file path is
http://localhost/Forum/$gallery_path/files/1/2/3/4/5/$name.php.wmv
===================
i want tho thank all members in www.hackteach.org forums , best work u are done.
thank u .
# hackteach.org
# milw0rm.com [2008-07-15]- Источник
- www.exploit-db.com
