Simple File Manager vX.X File Upload Vulenrability

🗓️ 12 Dec 2013 00:00:00Reported by TUNISIAN CYBERType

zdt🔗 0day.today👁 20 Views

Simple File Manager vX.X File Upload Vulnerability. Login credentials: usr: guest, pwd: demo. Upload file with .html or .jpg extension, then change it with LIVE HTTP HEADERS. Uploaded file path: 127.0.0.1/path/sfm-vXX/h4x3d.ph

[+] Author: TUNISIAN CYBER
[+] Exploit Title:  Simple File Manager vX.X File Upload Vulenrability
[+] Date: 11-12-2013
[+] Category: WebApp
[+] Vendor:onedotoh.sourceforge.net/‎
[+] Google Dork: Do Some Work and you'll find it :)
[+] Tested on: Win7 , ubuntu 13.04
 
 
########################################################################################
Login:
usr: guest
pwd : demo
it's written on the login page

Upload your File .html or .jpg then Change it with LIVE HTTP HEADERS
example: upl.html after using it will become upl.php.off

Uploaded File Path:
127.0.0.1/path/sfm-vXX/h4x3d.php

Demo:
http://www.ferretbbs.com/forums/backup/images/fm.php
http://www.upmodabijoux.it/img/catalogo/fm.php
onedotoh.sourceforge.net/demo/fm.php
www.cdg93.bg/docs/fm.php
www.ferretbbs.com/forums/backup/images/fm.php
########################################################################################
Greets to: XMaXtn, N43il HacK3r, XtechSEt

#  0day.today [2018-01-04]  #

12 Dec 2013 00:00Current

7.1High risk

Vulners AI Score7.1