[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

zomplog3.9 Remot upload exploit

Author
indoushka
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-14675
Category
web applications
Date add
01-11-2010
Platform
php
===============================
zomplog3.9 Remot upload exploit
===============================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    #######################################           1
0                    I'm indoushka member from Inj3ct0r Team           1
1                    #######################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

######################################################################## 

# Vendor: http://zomplog.zomp.nl/

# Date: 2010-09-27 

# Author : indoushka 

# Thanks to : Dz-Ghost Team

# Contact : 00213771818860

# Tested on : windows SP2 Francais V.(Pnx2 2.0) 
######################################################################## 
                                                                                                                                                                                                
# Exploit By indoushka 
-------------

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Zomplog File Manager - Uploader</title>

<style type="text/css">
   @import "style.css";
   
   body{
   background-color: #FFFFFF;
   background-image: url();
   }
  </style>
  
  <script src="jscripts/multifile_compressed.js"></script>

  
</head>

<body>

<?php
include_once("functions.php");
include('config.php');
include("session.php");

include("loadsettings.php");
include("../language/$settings[language].php"); 


// **********************************************************************
// **********************************************************************
// START loggedIn


// START Submit
if($_POST['submit']){  

// upload script
//include("upload_theme_image.php");
// upload script
include("upload_files.php");

foreach ($aBestanden as $sFilename => $sFiletype)
{

if($sFiletype == 'image/jpeg' || $sFiletype == 'image/pjpeg' || $sFiletype == 'image/gif'){
	?>

			<img src="icons/lightning.png" onload="parent.tinyMCE.execCommand('mceFocus',false,'text'); parent.tinyMCE.execInstanceCommand('text', 'mceInsertContent', false, '<img src=\'../thumbs/<?php echo $sFilename?>\' border=\'0\' />'), parent.mcWindows.windows['1'].close();" style="display:none;" />
            

<?php
}
else
{

//print_r($_FILES);
?>
<img src="icons/lightning.png" onload="parent.tinyMCE.execCommand('mceFocus',false,'text'); parent.tinyMCE.execInstanceCommand('text', 'mceInsertContent', false, '<a href=\'../upload/temp_<?php echo $sFilename?>\' target=\'blank\'><?php echo $_FILES['file_0']['name'];?></a>'), parent.mcWindows.windows['1'].close();" style="display:none;" />

<?php


}	



}

	?>
			
<?php
	
// END empty messages

}

// END submit
?>
<div style="width: 98%; background-color: #FFFFFF;">





        <form name="myform" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>" enctype="multipart/form-data">

        	<?php
    if (!is_writable("../upload/")){
			echo "$lang_set_permissions";
			}
			else
			{
			echo $lang_insert_directly;
			?>
            <br /><br />
        <input id="my_file_element" type="file" value="1" name="file_1" \ /> <input name="submit" type="submit" value="<?php echo $lang_submit; ?>" />
		
        <div id="files_list"></div>
<script>
	<!-- Create an instance of the multiSelector class, pass it the output target and the max number of files -->
	var multi_selector = new MultiSelector( document.getElementById( 'files_list' ), 2 );
	<!-- Pass in the file element -->
	multi_selector.addElement( document.getElementById( 'my_file_element' ) );
</script>

<?php } ?>


</form>
    

</div>

</body>
</html>




#  0day.today [2024-12-24]  #