fast-signup shell uploading
# Exploit Author : Guardiran Security Team
# Tested On : ubuntu / Windows 8.1
#
# Dork: inurl:fast-signup.php
# # ----------------------------------------------- # #
# Description :
# an uncontrolled profile image uploader enables attacker to upload shell remotely
# # #
# # # POC:
# first find targets with the dork above and signup by uploading a normal photo in this step. then
# login(sometime it will login automatically) after that go to "My Photo" click on "Manage My photo"
# "Modify Photo 1" now upload your shell.php here :) open your profile photo(the shell you uploaded)
# url will be like this:
# http://sitedomain.com/photoprocess.php?image=memphoto1/209975shell.php&square=100
# # change it to this order:
# http://sitedomain.com/memphoto1/123456shell.php
# Now you are done :)
# 123456 is a random number that the website will add to your file name so it can be any thing else
# Bypass:
# in some of targets i saw that they have denied .php file so upload your shell as .PHP :)
#
Post a Comment