Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

living Local 1.1 - Cross-Site Scripting / Arbitrary File Upload

🗓️ 10 Dec 2008 00:00:00Reported by Bgh7Type 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 33 Views

Cross-Site Scripting and Arbitrary File Upload in Living Local V1.

Code
Authot: Bgh7
 
Home: http://ozelteam.com - Turk Bilisim Gücleri
 
Pst: [email protected]
 
=============================
 
Dork: allinurl:clientsignup.php "classifieds"
 
Dork2: Powered By: Living Local V1.1
 
Demo: http://www.jerseyads.net/listtest.php?r="><script>alert()</script>
 
Demo2: http://homes.relatedlistings.com/Member_Admin/logo/cca55760b985b02c1b9d7fac606shell.php
 
http://homes.relatedlistings.com/Member_Admin/
 
E-Mail: [email protected]
Password: tbg1122
=============================
 
you must register to site ( direckt register link: http://localhost/script_path/registerlandlord.php ) ( siteye uye ol )

and login ( direckt link: http://localhost/script_path/Member_Admin/index.php ) ( giris yap )

after edit your banner ( direckt link: http://localhost/script_path/Member_Admin/editimage.php?clientid=[MemberAdminPass] )

or first click "Edit Account Info" after click "Your Logo" Edit button ( "Edit Account Info" yazýsýna tIkla sonra da edit butonuna tIkla )

and open new page. you click gozat button and select your_sheell.php ( acIlan yeni sayfada senin hazIr shell i upload et )

after click to submit button. you should see "Your image will be review." ( "Your image will be review." bu yazIyI gormelisin )

if you see "Your image will be review." your shell upload succesfull. ( gorduysen yukleme basarIlI )

after repeat click to "Edit Account Info" and open page. your logo right click and properties select this link copy

after paste your explorer go your_shell.php ( sonra yine "Edit Account Info" yazIsIna Týkla

acIlan sayfada logonun ustunde sag tIkla ozellikleri Týkla linki kopyala sonrada shelle ulas )
 
 
==========================
 
Thanks: str0ke - ÇılgınTurk

# milw0rm.com [2008-12-10]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
10 Dec 2008 00:00Current
7High risk
Vulners AI Score7
information securitycross-site scriptingarbitrary file uploadliving local v1.1turk bilisim gã¼clericlassifiedsvulnerabilityregisterloginbanneredit imagereview.
33