getaphpsite Auto Dealers Remote File Upload Vulnerability

🗓️ 22 Nov 2008 00:00:00Reported by ZoRLuType

zdt🔗 0day.today👁 15 Views

getaphpsite Auto Dealers Remote File Upload Vulnerability discovered by ZoRLu on 22.11.2008. Allows unauthorized file upload via profile edit

=========================================================
getaphpsite Auto Dealers Remote File Upload Vulnerability
=========================================================


[~] geta php cardealers Remote File upload
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu  
[~]
[~] Date: 22.11.2008
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~] -----------------------------------------------------------

first register to site 

login to site and edit your profile

upload your_shell.php 

your_shell.php path:

localhost/script/re_images/[ID]_logo_your_shell.php

example for demo:

login: http://www.getaphpsite.com/demos/cardealers/login.php

user: zorlu

passwd: zorlu1

shell:

http://www.getaphpsite.com/demos/cardealers/re_images/1227370217_logo_c.php

[~]----------------------------------------------------------------------




#  0day.today [2018-03-20]  #

22 Nov 2008 00:00Current

7.1High risk

Vulners AI Score7.1