Greeting card remote file upload vulnerability - vulnerability warning - the black bar safety net

2010-06-17T00:00:00
ID MYHACK58:62201027264
Type myhack58
Reporter Anonymous
Modified 2010-06-17T00:00:00

Description

The greeting card program contains a remote file upload vulnerability: after logging in, a registered user can upload executable PHP code.

Google Dork : "Send amazing greetings to your friends and relative!"

trojandownloader : http://127.0.0.1/upload.php

First register on the site, then go to the card upload page (uploading is available only after registration).

After you have uploaded your shell, you will find it at this path:

http://[site]//cards/id_thumb_evil.php

demo : http://server/cards/1275663706_thumb_oujda.php
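
For defenders checking an installation, the following added example (not part of the original advisory or of the greeting card program) audits the upload directory for files that are not genuine images. It assumes uploads land in a `cards/` directory as shown in the path above and that only JPEG, PNG and GIF thumbnails are legitimate; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

# Assumption: card thumbnails may only be JPEG, PNG or GIF.
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def audit_cards_dir(cards_dir):
    """Return (filename, reason) pairs for suspicious files in cards_dir."""
    findings = []
    for name in sorted(os.listdir(cards_dir)):
        path = os.path.join(cards_dir, name)
        if not os.path.isfile(path):
            continue
        ext = os.path.splitext(name)[1].lower()
        with open(path, "rb") as fh:
            head = fh.read(4096)
        if ext not in IMAGE_MAGIC:
            # e.g. <id>_thumb_<name>.php, the case the advisory describes
            findings.append((name, "non-image extension " + (ext or "(none)")))
        elif not head.startswith(IMAGE_MAGIC[ext]):
            findings.append((name, "content does not match " + ext))
        elif b"<?php" in head:
            findings.append((name, "PHP open tag inside image"))
    return findings


def build_sample_dir():
    """Constructed sample data: one clean thumbnail, three suspicious files."""
    d = tempfile.mkdtemp()
    samples = {
        "1000000001_thumb_flowers.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "1000000002_thumb_evil.php": b"<?php /* placeholder */ ?>",
        "1000000003_thumb_fake.jpg": b"<?php /* placeholder */ ?>",
        "1000000004_thumb_poly.gif": b"GIF89a<?php /* placeholder */ ?>",
    }
    for name, data in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(data)
    return d


if __name__ == "__main__":
    for name, reason in audit_cards_dir(build_sample_dir()):
        print(name + ": " + reason)
```

The same allowlist (extension plus magic bytes) belongs in the upload handler itself, together with a web server rule that disables script execution in the upload directory.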