SMF 2.0 RC5 Shell Upload

2011-04-07T00:00:00
ID PACKETSTORM:100176
Type packetstorm
Reporter KedAns-Dz
Modified 2011-04-07T00:00:00

Description

                                        
                                            `###  
# Title : SMF 2.0 RC5 Remote Shell Upload Exploit  
# Author : KedAns-Dz  
# E-mail : ked-h@hotmail.com  
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)  
# Twitter page : twitter.com/kedans  
# platform : php  
# Impact : Remote Shell Upload  
# Tested on : Windows XP sp3 FR  
##  
# [»] ~ ********* In The name of Allah ************  
###  
  
# Go0Gle D0rk : "Powered by SMF 2.0 RC5 "  
  
# Exploit :   
  
You Are Can Upload The Shell in (attachments) Folder from 'SMF 2.0 RC5'   
  
(+) In Any Topic .. Submit New Reply and Upload Shell (*.gif) on Attachment   
(+) After Reply .. You Are Can Access to Shell in :  
> http://[target/Path]/attachments/{fileID}_{fileHASH}  
> The HASH Is encoder by : SHA1  
(+) Because the 'SMF 2.0 RC5' Change the Any Attach name Ex :   
'1_86e1d5b5ec318635ec9ece9b4586bd8c1d07faca' << This is From Ex file I'm uploaded From My Local SMF  
(+) After You Are Detect The SHA HASH .. access in the shell !  
Usage : http://127.0.0.1:8888/smf/attachments/1_86e1d5b5ec318635ec9ece9b4586bd8c1d07faca  
OR access in this url :   
> http://[target/Path]/index.php?action=dlattach;topic={topicID};attach={attach-SHELL-id};image  
but this access with URL not succeeding always  
  
# ** In The Peace of Allah **  
=================================================================================================  
#================[ Exploited By KedAns-Dz * HST-Dz * ]===========================================   
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >  
# Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz  
# Masimovic * TOnyXED * r0073r (inj3ct0r.com) * TreX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz  
# Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (1923turk.com)  
# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{  
# Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX   
# Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,  
# 1337day.com * www.packetstormsecurity.org * exploit-db.com * bugsearch.net * exploit-id.com   
# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...  
#================================================================================================  
`