Xtemplate Shell Upload

2012.06.05

Credit: Th3-Skywalk3r

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

##################################################
# Exploit Title: [Xtemplate shell upload]
#Date: 4/6/12
# Author: [Th3-Skywalk3r]
# Email : th3skywalk3r@hotmail.com
# Category:: [ webapps]
# Google dork: [ /xtemplates/eng/]
# Tested on: [Windows 7 & BT5r2 ]
# Demo site: [http://www.deadseashop.co.il/inc/xtemplates/eng/file_edit.php]
[http://www.sealsand.co.il/inc/xtemplates/eng/file_edit.php]
##################################################
[~] P0c [~] :
uploader link :
http://target.com/inc/xtemplates/eng/ads_gallery_update.php
http://target.com/inc/xtemplates/eng/file_edit.php
Upload Your Shell : php;gif & Enjoy .
##########################################################
[] Greetz to :
[ Th3 Dir3ct0rY, Th3 R00t3r, Hunt009s , Er00r-TGH, Z3r0-TGH, ]
[ Teamgreyhat ]
[ And all my Freinds And Greyhat hackers]
##########################################################

References:

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Xtemplate Shell Upload

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.