Exploit living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
7408
Проверка EDB
  1. Пройдено
Автор
BGH7
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-6530 cve-2008-6529
Дата публикации
2008-12-10
Код:
Authot: Bgh7
 
Home: http://ozelteam.com - Turk Bilisim Gücleri
 
Pst: [email protected]
 
=============================
 
Dork: allinurl:clientsignup.php "classifieds"
 
Dork2: Powered By: Living Local V1.1
 
Demo: http://www.jerseyads.net/listtest.php?r="><script>alert()</script>
 
Demo2: http://homes.relatedlistings.com/Member_Admin/logo/cca55760b985b02c1b9d7fac606shell.php
 
http://homes.relatedlistings.com/Member_Admin/
 
E-Mail: [email protected]
Password: tbg1122
=============================
 
you must register to site ( direckt register link: http://localhost/script_path/registerlandlord.php ) ( siteye uye ol )

and login ( direckt link: http://localhost/script_path/Member_Admin/index.php ) ( giris yap )

after edit your banner ( direckt link: http://localhost/script_path/Member_Admin/editimage.php?clientid=[MemberAdminPass] )

or first click "Edit Account Info" after click "Your Logo" Edit button ( "Edit Account Info" yazýsýna tIkla sonra da edit butonuna tIkla )

and open new page. you click gozat button and select your_sheell.php ( acIlan yeni sayfada senin hazIr shell i upload et )

after click to submit button. you should see "Your image will be review." ( "Your image will be review." bu yazIyI gormelisin )

if you see "Your image will be review." your shell upload succesfull. ( gorduysen yukleme basarIlI )

after repeat click to "Edit Account Info" and open page. your logo right click and properties select this link copy

after paste your explorer go your_shell.php ( sonra yine "Edit Account Info" yazIsIna Týkla

acIlan sayfada logonun ustunde sag tIkla ozellikleri Týkla linki kopyala sonrada shelle ulas )
 
 
==========================
 
Thanks: str0ke - ÇılgınTurk

# milw0rm.com [2008-12-10]
 
Источник
www.exploit-db.com

Похожие темы