ID PACKETSTORM:100176 Type packetstorm Reporter KedAns-Dz Modified 2011-04-07T00:00:00
Description
`###
# Title : SMF 2.0 RC5 Remote Shell Upload Exploit
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# platform : php
# Impact : Remote Shell Upload
# Tested on : Windows XP sp3 FR
##
# [»] ~ ********* In The name of Allah ************
###
# Go0Gle D0rk : "Powered by SMF 2.0 RC5 "
# Exploit :
You can upload the shell into the (attachments) folder of 'SMF 2.0 RC5'
(+) In any topic .. submit a new reply and upload the shell (*.gif) as an attachment
(+) After the reply .. you can access the shell at :
> http://[target/Path]/attachments/{fileID}_{fileHASH}
> The hash is generated with : SHA1
(+) Because 'SMF 2.0 RC5' renames every attachment, e.g. :
'1_86e1d5b5ec318635ec9ece9b4586bd8c1d07faca' << this is from an example file I uploaded to my local SMF
(+) After you determine the SHA hash .. access the shell !
Usage : http://127.0.0.1:8888/smf/attachments/1_86e1d5b5ec318635ec9ece9b4586bd8c1d07faca
OR access in this url :
> http://[target/Path]/index.php?action=dlattach;topic={topicID};attach={attach-SHELL-id};image
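but access through this URL does not always succeed
# Note : this write-up does not show the stored file being executed by the server; the attachment is saved as {fileID}_{fileHASH} with no script extension, so whether it runs at all depends on how the web server handles files in the attachments directory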
# ** In The Peace of Allah **
=================================================================================================
#================[ Exploited By KedAns-Dz * HST-Dz * ]===========================================
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz
# Masimovic * TOnyXED * r0073r (inj3ct0r.com) * TreX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz
# Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (1923turk.com)
# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
# Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX
# Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
# 1337day.com * www.packetstormsecurity.org * exploit-db.com * bugsearch.net * exploit-id.com
# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...
#================================================================================================
`
{"hash": "b7fd622bdacb09311d51165175bbf6ccef746948de394023fbc4490b99954fd4", "sourceHref": "https://packetstormsecurity.com/files/download/100176/smf2-shell.txt", "title": "SMF 2.0 RC5 Shell Upload", "id": "PACKETSTORM:100176", "published": "2011-04-07T00:00:00", "description": "", "modified": "2011-04-07T00:00:00", "sourceData": "`### \n# Title : SMF 2.0 RC5 Remote Shell Upload Exploit \n# Author : KedAns-Dz \n# E-mail : ked-h@hotmail.com \n# Home : HMD/AM (30008/04300) - Algeria -(00213555248701) \n# Twitter page : twitter.com/kedans \n# platform : php \n# Impact : Remote Shell Upload \n# Tested on : Windows XP sp3 FR \n## \n# [\u00bb] ~ ********* In The name of Allah ************ \n### \n \n# Go0Gle D0rk : \"Powered by SMF 2.0 RC5 \" \n \n# Exploit : \n \nYou Are Can Upload The Shell in (attachments) Folder from 'SMF 2.0 RC5' \n \n(+) In Any Topic .. Submit New Reply and Upload Shell (*.gif) on Attachment \n(+) After Reply .. You Are Can Access to Shell in : \n> http://[target/Path]/attachments/{fileID}_{fileHASH} \n> The HASH Is encoder by : SHA1 \n(+) Because the 'SMF 2.0 RC5' Change the Any Attach name Ex : \n'1_86e1d5b5ec318635ec9ece9b4586bd8c1d07faca' << This is From Ex file I'm uploaded From My Local SMF \n(+) After You Are Detect The SHA HASH .. access in the shell ! 
\nUsage : http://127.0.0.1:8888/smf/attachments/1_86e1d5b5ec318635ec9ece9b4586bd8c1d07faca \nOR access in this url : \n> http://[target/Path]/index.php?action=dlattach;topic={topicID};attach={attach-SHELL-id};image \nbut this access with URL not succeeding always \n \n# ** In The Peace of Allah ** \n================================================================================================= \n#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== \n# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > \n# Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz \n# Masimovic * TOnyXED * r0073r (inj3ct0r.com) * TreX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz \n# Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (1923turk.com) \n# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{ \n# Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX \n# Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} , \n# 1337day.com * www.packetstormsecurity.org * exploit-db.com * bugsearch.net * exploit-id.com \n# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ... 
\n#================================================================================================ \n`\n", "reporter": "KedAns-Dz", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "0e5dac3ed496539fc86f74bc194ca586"}, {"key": "modified", "hash": "63acc4a0560298c7457ee979047752d3"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "63acc4a0560298c7457ee979047752d3"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "af76fb253835e7e53597195b251ff8ac"}, {"key": "sourceData", "hash": "ff46a141f66e1bc972b1ec25c92286e1"}, {"key": "sourceHref", "hash": "995ebe3aa1509b33cb07acc0e4900634"}, {"key": "title", "hash": "d127704ce287bcca860d8768b8e6a081"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/100176/SMF-2.0-RC5-Shell-Upload.html", "lastseen": "2016-11-03T10:21:26", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}}