jobscript-upload.txt
Posted on 22 May 2009
___ ___ __ / | \_____ | | _____ ___ ___________ / ~ \__ | |/ / / // __ \_ __ \n Y // __ | < > < ___/| | / \___|_ /(____ /__|_ /__/\_ \___ >__| / / / / / :: Egy Coders Team Researcher /- Job Board => Arbitrary File Upload Vulnerability /- demo : http://www.jobscriptdemo.com /- Greetz : ExH , ProViDoR , Bright D@rk , Error Code , all team /- Proud To Be Egyptian ..... /- http://hakxer.blogspot.com/ * Hi every body * in this vulnerability you can upload any file you want .php .. etc * the script is job board from job script company we can upload shell into * board ok now look at steps * first goto http://host/path/register.php * and now sign in board * goto add CV Page here http://host/path/mycv.php * then go and upload shell file * click Upload CV * now go to - Click Here to view your CV - * like this http://host/path/accesscv.php?id=[randid] * shell uploaded successfully * you can test this vulnerability in demo user * email : demo * pass : demo *** notes : ** use it in your own risk ./be safe
