50 lines
No EOL
986 B
Text
50 lines
No EOL
986 B
Text
vBulletin PhotoPost vBGallery v2.x Remote File Upload
|
|
|
|
Found by : Cold z3ro
|
|
|
|
e-mail : exploiter@hackteach.org
|
|
|
|
Home page : www.Hack.ps
|
|
|
|
==============================
|
|
|
|
exploit usage :
|
|
|
|
http://localhost/Forum/$gallery_path/upload.php
|
|
|
|
here the exploiter can upload php shell via this script
|
|
|
|
by renamed it's name to $name.php.wmv
|
|
|
|
but first he should be a user in the forum
|
|
|
|
thats so important to him cus the uploaded file will be
|
|
|
|
in his account nomber folder .
|
|
|
|
example :
|
|
|
|
user : Cold z3ro
|
|
http://www.hackteach.org/cc/member.php?u=4
|
|
|
|
his account nomber is 4 as shown in link ,
|
|
|
|
the uploaded file ( shell ) will be in
|
|
|
|
http://localhost/Forum/$gallery_path/files/4/$name.php.wmv
|
|
|
|
id the user Cold z3ro have acconut nomber as example ( 12345 )
|
|
|
|
the file path is
|
|
|
|
http://localhost/Forum/$gallery_path/files/1/2/3/4/5/$name.php.wmv
|
|
|
|
===================
|
|
|
|
i want tho thank all members in www.hackteach.org forums , best work u are done.
|
|
|
|
thank u .
|
|
|
|
# hackteach.org
|
|
|
|
# milw0rm.com [2008-07-15] |