Dotclear 2.3.1 Shell Upload

2011.09.02
Credit: T0xic
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: dotclear-2.3.1 (Swf) File Upload Vulnerability # Date: 01/09/2011 # Author: T0xic # Author Mail: Malik[_]99[at]Hotmail[dot]fr # Software: dotclear-2.3.1 # Software Link: http://dotclear.org/download/ # Go0gle Dork : 'inurl:"inc/swf/swfupload.swf" [Comment] #================[ Exploited By T0xic * Wahson ]=========================================== # | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << | # | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 | # | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * T0xic | # | ------------------------------------------------- < | [POC] http://www.example.com/path/inc/swf/swfupload.swf you can upload files with php extension. Example: c99.php, shell.gif.php, etc...


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top