您现在的位置是:网站首页> 编程资料编程资料
PhotoPost vBGallery 2.4.2 Arbitrary File Upload Vulnerability _Exploit_网络安全_
2023-05-24
492人已围观
简介 PhotoPost vBGallery 2.4.2 Arbitrary File Upload Vulnerability _Exploit_网络安全_
vBulletin PhotoPost vBGallery v2.x Remote File Upload
Found by : Cold z3ro
e-mail : exploiter@hackteach.org
Home page : www.Hack.ps
==============================
exploit usage :
http://localhost/Forum/$gallery_path/upload.php
here the exploiter can upload php shell via this script
by renamed it's name to $name.php.wmv
but first he should be a user in the forum
thats so important to him cus the uploaded file will be
in his account nomber folder .
example :
user : Cold z3ro
http://www.hackteach.org/cc/member.php?u=4
his account nomber is 4 as shown in link ,
the uploaded file ( shell ) will be in
http://localhost/Forum/$gallery_path/files/4/$name.php.wmv
id the user Cold z3ro have acconut nomber as example ( 12345 )
the file path is
http://localhost/Forum/$gallery_path/files/1/2/3/4/5/$name.php.wmv
===================
i want tho thank all members in www.hackteach.org forums , best work u are done.
thank u .
# hackteach.org
Found by : Cold z3ro
e-mail : exploiter@hackteach.org
Home page : www.Hack.ps
==============================
exploit usage :
http://localhost/Forum/$gallery_path/upload.php
here the exploiter can upload php shell via this script
by renamed it's name to $name.php.wmv
but first he should be a user in the forum
thats so important to him cus the uploaded file will be
in his account nomber folder .
example :
user : Cold z3ro
http://www.hackteach.org/cc/member.php?u=4
his account nomber is 4 as shown in link ,
the uploaded file ( shell ) will be in
http://localhost/Forum/$gallery_path/files/4/$name.php.wmv
id the user Cold z3ro have acconut nomber as example ( 12345 )
the file path is
http://localhost/Forum/$gallery_path/files/1/2/3/4/5/$name.php.wmv
===================
i want tho thank all members in www.hackteach.org forums , best work u are done.
thank u .
# hackteach.org
相关内容
- PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit _Exploit_网络安全_
- AlstraSoft Affiliate Network Pro (pgm) Remote SQL Injection Vulnerability _Exploit_网络安全_
- Joomla Component DT Register Remote SQL injection Vulnerability _Exploit_网络安全_
- Microsoft DNS Server (Dynamic DNS Updates) Remote Exploit _Exploit_网络安全_
- tplSoccerSite 1.0 Multiple Remote SQL Injection Vulnerabilities _Exploit_网络安全_
- Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit _Exploit_网络安全_
- Apache mod_jk 1.2.19 Remote Buffer Overflow Exploit (win32) _Exploit_网络安全_
- IntelliTamper 2.07 (map file) Local Arbitrary Code Execution Exploit (pl) _Exploit_网络安全_
- HRS Multi (picture_pic_bv.asp key) Blind SQL Injection Exploit _Exploit_网络安全_
- DigiLeave 1.2 (info_book.asp book_id) Blind SQL Injection Exploit _Exploit_网络安全_
