Wednesday, 15 May 2013

photopostvbgal-upload.txt


Cold z3ro/photopostvbgal-upload.txt 


vBulletin PhotoPost vBGallery v2.x Remote File Upload
 
Found by : Cold z3ro
 
e-mail : exploiter@hackteach.org
 
Home page : www.Hack.ps
 
==============================
 
exploit usage :
 
http://localhost/Forum/$gallery_path/upload.php
 
here the exploiter can upload php shell via this script
 
by renamed it's name to $name.php.wmv
 
but first he should be a user in the forum
 
thats so important to him cus the uploaded file will be
 
in his account nomber folder .
 
example :
 
user : Cold z3ro
http://www.hackteach.org/cc/member.php?u=4
 
his account nomber is 4 as shown in link ,
 
the uploaded file ( shell ) will be in
 
http://localhost/Forum/$gallery_path/files/4/$name.php.wmv
 
id the user Cold z3ro have acconut nomber as example ( 12345 )
 
the file path is
 
http://localhost/Forum/$gallery_path/files/1/2/3/4/5/$name.php.wmv
 
===================
 
i want tho thank all members in www.hackteach.org forums , best work u are done.
 
thank u .
 
# hackteach.org
 
# milw0rm.com [2008-07-15]
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)