AvailScript Classmate Script - Arbitrary File Upload

EDB-ID:

7457

CVE:

N/A

EDB Verified:

Author:

S.W.A.T.

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2008-12-14

Vulnerable App:

[~] Availscript Classmate Script Remote File Upload Vulnerability
[~]
[~] ----------------------------------------------------------
[~] Discovered By: S.W.A.T.   svvateam@yahoo.com
[~]
[~] Home: www.batlagh.com
[~]
[~] Script Page: http://www.availscript.com/classmate_script.php
[~] -----------------------------------------------------------

Xpl:

1.First Register Into The Site ( link: www.site.com/[path]/register.php )

2.In Register Section Select Your phpshell like: c99.php

3.In "Latest Members" Section Right Click On Blank Line & Then Choose Properties

4.Copy The Link Of Your Shell Like: http://www.availscript.com/classmate/memberspics/saeid-61609-c99.php

5.Your Shell Will Be Renamed With Your Name & Random ID like: saeid-61609-c99.php

6.Hack The Site ;)


Demo:

http://www.availscript.com/classmate/



[~] Special Thanks To:

Str0ke, All My Friends, Iranian Hackers & All Muslim

# milw0rm.com [2008-12-14]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services