bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/7638.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

21 lines
No EOL
839 B
Text
Raw Blame History

=================================================================
=================Memberkit 1.0 Remote File Upload================
=================================================================
Vendor: http://www.memberkit.com/
Discovered: 12-30-08
Discovered By: Lo$er
====Exploit====
After registered and logged in, a user can upload any type of file in "My Picture Album" where a picture would usually be uploaded.
For example, if the file "shell.php" was uploaded to somesite.com, its location would likely be
http://somesite.com/uploads/pictures/pictures/[user]/[picture number]_shell.php
The location of the file can also easily be found by using your browser's "view image" function where the image would appear regularly.
===<3===
lots of lub to (irc.)r00tsecurity.org and all of #r00tsecurity
# milw0rm.com [2009-01-01]
Reference in a new issue View git blame Copy permalink