getaphpsite PHP Careers Search suffers from a remote file/shell upload vulnerability.
[~] getaphpsite PHP Careers Search Remote File Upload
[~]
[~] script: http://www.getaphpsite.com/159.html
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu msn: trt-turk@hotmail.com
[~]
[~] Date: 31.12.2008
[~]
[~] Home: www.z0rlu.blogspot.com / www.experl.com
[~]
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
[~] -----------------------------------------------------------
go here: http://z0rlu.blogspot.com/script/employers/employer_registration.php
and register on the site
then click the Browse ("gozat") button and select your shell.php to register on the site
then go here: http://z0rlu.blogspot.com/script/employers/employers/login.php
and log in to the site, then click "Edit Info" (look on the left)
you should now be here: http://z0rlu.blogspot.com/script/employers/employers/EditInfo.php
right-click your logo, select Properties and copy the logo link
go to your shell:
http://z0rlu.blogspot.com/script/employers/employer_logos/[id]_offer_shell.php
example on the demo:
http://www.phpstore.info/demos/phpcareers/employers/login.php
user: zorlu
passwd: zorlu1
http://www.phpstore.info/demos/phpcareers/employers/EditInfo.php
and shell:
http://www.phpstore.info/demos/phpcareers/employers/employer_logos/1228994464_offer_c.php ( no permission for demo )
[~]----------------------------------------------------------------------
[~] Greetz tO: yildirimordulari.org & experl.com
[~]
[~]----------------------------------------------------------------------
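
Added example, not part of the original advisory or the vendor's code: a Python audit of the `employer_logos/` directory, which per the steps above stores uploads as `[id]_offer_<original name>` with the client's extension intact. The image allowlist, the function names and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading bytes of the image types a logo may legitimately be (assumed allowlist).
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
SCRIPT_MARKERS = (b"<?php", b"<?=")


def audit_logo_dir(logo_dir):
    """Return {file name: [reasons]} for files that do not belong in a logo directory."""
    findings = {}
    for path in sorted(Path(logo_dir).iterdir()):
        if not path.is_file():
            continue
        data = path.read_bytes()
        ext = path.suffix.lower()
        reasons = []
        if ext not in MAGIC:
            reasons.append("extension not an image type")
        elif not data.startswith(MAGIC[ext]):
            reasons.append("content does not match extension")
        # Checked for every file: also catches script code inside a valid-looking image.
        if any(marker in data.lower() for marker in SCRIPT_MARKERS):
            reasons.append("contains PHP open tag")
        if reasons:
            findings[path.name] = reasons
    return findings


def demo():
    """Audit constructed sample files named after the advisory's stored-file pattern."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "1001_offer_logo.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        (root / "1002_offer_shell.php").write_bytes(b"<?php /* placeholder */ ?>")
        (root / "1003_offer_logo.gif").write_bytes(b"GIF89a<?php /* placeholder */ ?>")
        (root / "1004_offer_logo.jpg").write_bytes(b"not a jpeg")
        return audit_logo_dir(root)


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", "; ".join(reasons))
```

Call `audit_logo_dir()` on a copy of the real upload directory. The `<?=` marker can match random bytes in compressed image data, so treat that hit as a prompt for manual review.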