Availscript Article Script Remote File Upload Vulnerability

2008-12-14T00:00:00
ID 1337DAY-ID-4447
Type zdt
Reporter S.W.A.T.
Modified 2008-12-14T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===========================================================
Availscript Article Script Remote File Upload Vulnerability
===========================================================


[~] Availscript Article Script Remote File Upload Vulnerability
[~]
[~] ----------------------------------------------------------
[~] Discovered By: S.W.A.T.   
[~]
[~] Home: www.batlagh.com
[~]
[~] Script Page: http://www.availscript.com/article_script.php
[~] -----------------------------------------------------------

Xpl:

1.First Register Into The Site ( link: www.site.com/[path]/signup.php )

2.Login With Your Email & Password

3.After That Go To "Add Pen/Author Name" ( link: www.site.com/[path]/memberarea/addpen.php )
& Write Your Author & Select Your Shell.php like: c99.php

4.Your Shell Will Be Appear In This Folder ( link: www.site.com/[path]/photos/ )

5.Your Shell Will Be Renamed With Random Text like: cc1bd-c99.php

6.Hack The Site ;)


Demo:

http://www.availscript.com/article_script/




#  0day.today [2018-01-05]  #