Vacation Rental Script v4.0 Arbitrary File Upload Vulnerability
2010-12-20 17:15:07
Script Name: Vacation Rental Script <= 4.0
Site: http://www.vacationrentalscript.com/
Bug: Upload Shell
Found: Br0ly
google dork: "2006 - 2009 Vacation Rental Script" BraZIL!!
You need to register an account first, so:
Signup: http://server/signup
Check your email for the login and password
Then log in:
http://server/members/login
After login:
Go to:
http://server/members/profile
At the bottom of the page you can upload a logo; why not a lithe and nice shell?
Upload a shell of the type: shell.php.jpg or shell.php.jpeg
After upload:
http://server/public/upload/logos/youshell.php.jpg
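A server-side check that would refuse the double-extension names described above, shown as an added example (it is not code from this advisory or from the vendor). The function names, the allowed image types and the sample files are assumptions made for illustration.

```php
<?php
// Added example: hardened logo upload handling. Function names and the
// destination directory are assumptions, not taken from the script itself.

const ALLOWED_TYPES = [IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif'];

/**
 * Decide the stored file name from the file's content, never from the
 * client-supplied name, so "shell.php.jpg" never reaches the disk as-is.
 * Returns null when the content is not an allowed image type.
 */
function logo_storage_name(string $tmpPath): ?string
{
    $info = @getimagesize($tmpPath);   // false when the file is not a parseable image
    if ($info === false || !isset(ALLOWED_TYPES[$info[2]])) {
        return null;
    }
    // Random base name plus exactly one extension chosen by the server.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$info[2]];
}

/** Handle one entry of $_FILES; returns the stored name, or null on rejection. */
function store_logo(array $file, string $destDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = logo_storage_name($file['tmp_name']);
    if ($name === null || !move_uploaded_file($file['tmp_name'], "$destDir/$name")) {
        return null;
    }
    return $name;
}

// Constructed sample inputs: a PHP file with an image-looking name, and a 1x1 GIF.
$dir  = sys_get_temp_dir();
$fake = "$dir/shell.php.jpg";
file_put_contents($fake, '<?php echo "not an image"; ?>');
$gif  = "$dir/logo-sample.gif";
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw=='));

// The first call shows the rejection, the second the server-generated name.
var_dump(logo_storage_name($fake));
var_dump(logo_storage_name($gif));
unlink($fake);
unlink($gif);
```

The content check alone is not sufficient, since a valid image can still carry embedded script text; the server-chosen single-extension name is what keeps the stored file from matching a script handler. Disabling script execution for the upload directory in the web server configuration adds a second layer.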
Fixes
No fixes