25 lines
No EOL
855 B
Text
25 lines
No EOL
855 B
Text
# Exploit Title: SWFUpload v2.5.0 Beta 3 File Arbitrary Upload
|
|
# Date: 07/02/2011
|
|
# Author: Daniel Godoy
|
|
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
|
|
# Author Web: www.delincuentedigital.com.ar
|
|
# Software: SWFUpload v2.5.0 Beta 3
|
|
# Software Link: http://code.google.com/p/swfupload/
|
|
# Demo: http://demo.swfupload.org/v250beta3/simpledemo/
|
|
|
|
[Comment]
|
|
Agradezco a mis amigos: Hernan Jais, Alfonso Cuevas, Lisandro
|
|
Lezaeta, Nicolas Montanaro, Inyexion, Login-Root, KikoArg, Ricota,
|
|
Xarnuz, Truenex, TsunamiBoom, _tty0, Big, Sunplace, Killerboy,Erick
|
|
Jordan,Animacco ,
|
|
yojota, Pablin77, SPEED, Knet, Cereal, Yago, Rash, MagnoBalt, El
|
|
Rodrix, l0ve, NetT0xic,
|
|
Gusan0r, Sabertrail, Maxi Soler, Darioxhcx,r0dr1,Zer0-Zo0rg,Relampago
|
|
|
|
[POC]
|
|
|
|
http://path/swfupload/index.php
|
|
|
|
you can upload files with php extension.
|
|
|
|
Example: c99.php, shell.gif.php, etc... |