PhpVibe 3.1 Shell Upload

2013.08.23
Credit: Gabby
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

___________.__ _________ _________ \__ ___/| |__ ____ \_ ___ \_______ ______ _ ________ \_ ___ \_______ ______ _ __ | | | | \_/ __ \ / \ \/\_ __ \/ _ \ \/ \/ / ___/ / \ \/\_ __ \_/ __ \ \/ \/ / | | | Y \ ___/ \ \____| | \( <_> ) /\___ \ \ \____| | \/\ ___/\ / |____| |___| /\___ > \______ /|__| \____/ \/\_//____ > \______ /|__| \___ >\/\_/ \/ \/ \/ \/ \/ \/ http://thecrowscrew.org ################################################################################################# Exploit Title: PhpVibe 3.1 Upload Shell Vulnerability Google Dork: use ur brain :P Date: 22/08/2013 Locations: Indonesia Author: Gabby Product: PhpVibe Official site: http://phprevolution.com/ Risk Level: High ################################################################################################# Poc : u must regist first,. n go to video upload,. http://site.com/upload upload ur shell as extensi "file.php.mp3" / "file.php.mp4" / "file.php.flv shell akses : http://site.com/media/flv/month-date-year-time-minute-pm/am-file.php.mp3 Demo : http://viralwire.co.uk/media/flv/august-21-13-10-57-pm-file.php.mp3 http://otelvideo.ru//media/flv/august-22-13-1-42-am-file.php.flv ################################################################################?################# Thanks to : Catalyst71, kit4r0, 777r, ovanIsmycode, walangkaji, penjamoen, "Dad", my sista Wii, Red-x, all my luvly friend,.. Yogyacarderlink, SurabayaBlackhat, n for Someone, i cant say his name,. thanks for give me idea..^^

References:

http://cxsecurity.com/issue/WLB-2013080139


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top