Mobilya Scripti 2 Shell Upload

2016.04.12
Credit: Antidote
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264
Dork: intext:Lütfen sadece .doc yada .pdf uzantılı dosya

1. # Exploit Title: Mobilya Scripti v2 File Upload 2. # Google Dork: intext:Ltfen sadece .doc yada .pdf uzant?l? dosya gnderin. 3. # Date: 10.4.2016 4. # Exploit Author: Antidote(antidotedefacer@gmail.com) 5. # Vendor Homepage: http://www.hazirscriptler.web.tr/mobilya-scripti-php-v2 6. # Version: v2 7. # Tested on: Windows 8. ------------------------------------------------ 9. __ .__ .___ __ 10. _____ _____/ |_|__| __| _/_____/ |_ ____ 11. \__ \ / \ __\ |/ __ |/ _ \ __\/ __ \ 12. / __ \| | \ | | / /_/ ( <_> ) | \ ___/ 13. (____ /___| /__| |__\____ |\____/|__| \___ > 14. \/ \/ \/ \/ 15. ------------------------------------------------ 16. Script Bug File:insan_kaynaklari_gonder.php 17. ------------------------------------------------ 18. $eposta = p('txt_email'); 19. $tarih = date("d-m-Y"); 20. $kaynak = $_FILES["txt_dosya"]["tmp_name"]; 21. $dosya = $_FILES["txt_dosya"]["name"]; 22. $uzanti = explode(".", $_FILES[txt_dosya][name]); 23. $random = rand(0,9999); 24. $yeni_isim = $random."_".$dosya; 25. $hedef = "kit/cv/".$yeni_isim; 26. 27. if($dosya=="") 28. { 29. echo 'Lutfen cv ykleyiniz....'; 30. echo '<meta http-equiv="refresh" content="2; url=sayfa-insan-kaynaklari" />'; 31. } 32. 33. else{ 34. $gitti=move_uploaded_file($kaynak,$hedef); 35. $iletisim_ekle_sorgu=mysql_query("insert into insan_kaynaklari ( 36. eposta, 37. dosya, 38. tarih) 39. values ( 40. '$eposta', 41. '$yeni_isim', 42. '$tarih')"); 43. echo 'Bavurunuz baar?yla al?nm?t?r. De?erlendirilip dn yap?lacakt?r.. Yonlendiriliyorsunuz...'; 44. echo '<meta http-equiv="refresh" content="2; url=sayfa-insan-kaynaklari" />'; 45. } 46. } 47. --------------------------------------------------------------------------------- 48. Example:http://nehircollection.com/sayfa-insan-kaynaklari , http://www.saralphotography.com/sayfa-insan-kaynaklari 49. Enter mail and File Shell send after 50. Open on localhost php file => https://gist.github.com/anonymous/a30506e46d6edc724bb373744d25cd8c 51. after 52. Url:http://example.com 53. Shellname: send shell name (Ex:c99.php,a.php,c.php) 54. Submit 55. Wait till the end 56. include shell page url :) 57. --------------------------------------------------------------------------------- 58. Team : Janissaries.org, Spycod3.org 59. Thanks : Bydokunulmaz 60. Twitter: @coderantidote 61. Website: antidotesoft.com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top