cardealer-upload.txt

2008-11-11T00:00:00
ID PACKETSTORM:71799
Type packetstorm
Reporter ZoRLu
Modified 2008-11-11T00:00:00

Description

                                        
                                            `PHP Store Auto Classifieds Remote File Upload  
  
Author: ZoRLu msn: trt-turk@hotmail.com  
  
home: www.z0rlu.blogspot.com  
  
N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (  
  
-----------------------------------------  
  
  
exploit:  
  
  
first register to site   
  
you add this code your shell to head   
  
GIF89a;   
  
example your_shell.php:  
  
GIF89a;  
<?  
  
...  
  
...  
  
...  
  
?>  
  
and save your_sheell.php  
  
login to site and edit your profile  
  
upload your_shell.php   
  
your_shell.php path:  
  
localhost/script/cars_images/[ID]_logo_your_shell.php  
  
---------------------------------------------  
  
example for demo:  
  
login: http://www.phpstore.info/demos/cars/login.php  
  
user: zorlu  
  
passwd: zorlu1  
  
shell:  
  
http://www.phpstore.info/demos/cars/cars_images/1226241384_logo_c.php  
  
  
------------------------------------------------  
  
thanks: str0ke & yildirimordulari.org & darkc0de.com  
  
`