Duhok Forum 1.1 – Arbitrary File Upload - 体验盒子

作者： BrOx-Dz

日期： 2010-11-30

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/15638/

==============================================
Duhok Forum Remot upload Vulnerability
==============================================

####################################################################
# Exploit Title: Duhok Forum Remot upload Shell Vulnerability
# Date: 30-11-2010
# Author: BrOx-Dz
# email : E.dz@hotmail.fr
# Software Link: http://www.duhoktimes.com/df/
# Version: all version
# Tested on: windows xp pack 3 linux ubuntu 10
# home: algerie // FreeGaza// 
 
####################################################################

===[Vulnerable File ]===

/admin/up_xml.php
/admin/up_style.php
/idara/up_xml.php
/idara/up_style.php
 
===[ Exploit ]===

1- go www.site.com/patch/admin/up_style.php or www.site.com/patch/idara/up_style.php

2- upload shell "shell.css" and use tamper data

3- and go www.site.com/patch/slyle/style_shell.php


 .. enjoy --
 
####################################################################

greetz : kader11000 lagripe-dzmca_crb NetCat-Dzall dz members

www.h4kz.net www.v4-team.com www.vbspiders.comwww.dz4all.com/cc