Transfer Manager vulnerability upload of arbitrary files

2016.10.29
us Turk.Khan (US) us
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:index.php?direction & intext:Advanced Transfer Manager

########################## # Exploit Title: Transfer Manager vulnerability upload of arbitrary files # Google Dork : inurl:index.php?direction & intext:Advanced Transfer Manager # Date:2016-10-25 # Discovered By: Turk-Khan # We Are Iranian Anonymous # Home: Iranonymous.org # Version: 1.2 # Tested on : Win7 ########################## We are looking Dorku our googled. Out in the FTP site to upload of the current deficit. How we do it. You entered the site on the top right part of the login form, press regestirer organizing membership. Your membership does not regulate regulate the membership form admin is appointed. So you have the authority to upload. Alıntıdır. ########################## # Demo : http://www.radiovos.ru/archiv/register.php http://artax.karlin.mff.cuni.cz/upload/register.php http://download.filetopart.ch/register.php http://www.sapro.cz/ftp/register.php http://ndsfire.altervista.org/register.php ############################# Track your upload http://www.irmin.com/mp3/index.php?action=view&filename=team.txt ############################# #Thanks to : MR.Khatar || ll_azab-siyah_ll || Blackwolf_Iran ||Ormazd ||Sh@d0w ||mohammad Pn ||Shdmehr || And All Of Iranian Anonymous . # Discovered By: Turk-Khan


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top