Duhok Forum versions 1.1 and below suffer from a remote shell upload vulnerability.
57861734f26b14840205f7ed3bd1cc8d6c56fc7c3f3cb560fdbc8b7dff66cd89==============================================
Duhok Forum Remot upload Vulnerability
==============================================
####################################################################
# Exploit Title: Duhok Forum Remot upload Shell Vulnerability
# Date: 30-11-2010
# Author: BrOx-Dz
# email : E.dz@hotmail.fr
# Software Link: http://www.duhoktimes.com/df/
# Version: all version
# Tested on: windows xp pack 3 linux ubuntu 10
# home : algerie // Free Gaza//
####################################################################
===[ Vulnerable File ]===
/admin/up_xml.php
/admin/up_style.php
/idara/up_xml.php
/idara/up_style.php
===[ Exploit ]===
1- go www.site.com/patch/admin/up_style.php or www.site.com/patch/idara/up_style.php
2- upload shell "shell.css" and use tamper data
3- and go www.site.com/patch/slyle/style_shell.php
.. enjoy --
####################################################################
greetz : kader11000 lagripe-dz mca_crb NetCat-Dz all dz members
www.h4kz.net www.v4-team.com www.vbspiders.com www.dz4all.com/cc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed