[x] Title : "Default Image Uploader <+ Shell Upload Vulnrability"
[x] Date : 25/Oktober/2011
[x] Author : Z190T
[x] Contact : mahruz.id[at]gmail[dot]com
[x] Platform : PHP/ASP
[x] Category : WebApps
[x] dork :
* inurl:"default_image.asp"
* inurl:"default_imagen.asp"
* inurl:"/box_image.htm"
[x] Tested on : anything OS,,,
**** exploit ****
- Shell Example : shell.asp;.jpg, shell.php;.jpg, *.gif, *.jpg, *.png, *.pdf, *.zip, *.html
**** note ****
- then upload them to your shell using firefox addons temperdata. or NOT!! ^_^
**** demo ****
- https://www.thinkheartland.com/CMS/admin/default_Image.asp
- http://www.dautphetal.de/edit/default_asset.asp
No comments:
Post a Comment