Default Image Uploader <+ Shell Upload Vulnerability
2011-10-25 18:19:28Inviato da: tafaz
=====================================================================
.__ .__ __ .__ .___
____ ___ _________ | | ____ |__|/ |_ |__| __| _/
_/ __ \\ \/ /\____ \| | / _ \| \ __\ ______ | |/ __ |
\ ___/ > < | |_> > |_( <_> ) || | /_____/ | / /_/ |
\___ >__/\_ \| __/|____/\____/|__||__| |__\____ |
\/ \/|__| \/
Exploit-ID is the Exploit Information Disclosure
Web : exploit-id.com
e-mail : root[at]exploit-id[dot]com
#########################################
I'm Z190T, member of Exploit-Id
#########################################
======================================================================
[x] Title : "Default Image Uploader <+ Shell Upload Vulnrability"
[x] Date : 25/Oktober/2011
[x] Author : Z190T
[x] Contact : mahruz.id[at]gmail[dot]com
[x] Platform : PHP/ASP
[x] Category : WebApps
[x] dork :
* inurl:"default_image.asp"
* inurl:"default_imagen.asp"
* inurl:"/box_image.htm"
[x] Tested on : anything OS,,,
**** exploit ****
- Shell Example : shell.asp;.jpg, shell.php;.jpg, *.gif, *.jpg, *.png, *.pdf, *.zip, *.html
**** note ****
- then upload them to your shell using firefox addons temperdata. or NOT!! ^_^
**** demo ****
- https://www.thinkheartland.com/CMS/admin/default_Image.asp
- http://www.dautphetal.de/edit/default_asset.asp
- etc...
======================================================================
[+] Thx TO [+]
[x] All member of EXPLOIT-ID.com, ungu.com, blackc0de.forumo.org, thecybernuxbie.com etc...
[x] Temen yang saya Idolakan : haX0r.x0x, Surabaya Getar, kaMtiEz, eXeSoul,
[x] Caddy-Dz, KedAns-Dz, metasploit, KnocKout, Zerofiles Kalikode, G3MB3lz,
[x] bHotie, Tetsuya, devilz404, 4rt4k3, cHilzacEh, ^_^ etc...
======================================================================
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.