ZeeJobSite version 2.0 suffers from a remote file upload vulnerability.
6c2bfe68a3d502089679bf702ab80781a5f8ef0f991d1d3c8224b07129d9de97ZEEJOBSITE v2.0 remote file Upload
author: ZoRLu msn: trt-turk@hotmail.com
home: www.z0rlu.blogspot.com
dork: "Copyright-2008@zeejobsite.com"
date: 08/11/2008 ( aha simdi gönderiyorum saat 10:40 : ) )
first register to site
you add this code your shell to head
GIF89a;
example your_shell.php:
GIF89a;
<?
...
...
...
?>
and save your_sheell.php
after jobseekers login to site ( direckt link: localhost/jobseekers/jobseekerloginpage.php )
and you edit your profile ( direckt link: http://localhost/jobseekers/editresume_next.php?rid=[id] )
add your photo ( you_shell.php upload ) after open new page you right clik your photo and select to properties
copy photo link and paste your explorer go your shell
your_shell:
localhost/script_path/jobseekers/logos/[id].php
example for demo:
user: sabrina
passwd: testing:
login: http://zeejobsite.com/jobseekers/jobseekerloginpage.php
change profile direckt link: http://zeejobsite.com/jobseekers/editresume_next.php?rid=47
and your_shell link:
http://zeejobsite.com/jobseekers/logos/7271406.php
thanks: str0ke & yildirimordulari.org & darkc0de.com
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed