Imageview version 6.x suffers from a remote shell upload vulnerability.
9e8ceb871f0ad6945720f72ead88ac76a5adde822a800af98a3e6c5cb69a998f
[+] Author: TUNISIAN CYBER
[+] Exploit Title: Imageview File Upload vulnerability
[+] Date: 20-01-2014
[+] Category: WebApp
[+] Google Dork: :
[+] Tested on: Kali Linux
[+] Friendly Sites: na3il.com,th3-creative.com
#############################################################
+Exploit:
Imageview suffers from a file upload vulnerability that allows an attacker
to upload a PHP file.
+P.O.C:
127.0.0.1/[PATH]/upload.php
Upload as shell.php.[img extension jpg png gif]
Change it using Tamper Data
Shell Path:
127.0.0.1/[PATH]/albums/shell.php
+Demo:
https://indianayouthballet.com/photos/upload.php
https://indianayouthballet.com/photos/albums/a0a0a.php
https://www.schaefer-swantow.de/Galerie/upload.php
https://www.schaefer-swantow.de/Galerie/albums/c99.php
https://www.rappel-zappel.de/galerie/upload.php
+Fix:
There is no fix from the script's owner, but you can change the name or path of "upload.php".
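A defender-side audit of the albums/ upload directory named above, as an added example that is not part of the original advisory or the Imageview code base. It flags files with a script extension anywhere in the name, image-named files without an image header, and files containing a PHP open tag. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Extensions a PHP-enabled server may execute (assumed list; match it to your handler config).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
IMAGE_MAGIC = {  # leading magic bytes of the image types the advisory names
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

def classify(path):
    """Return the reasons a file is suspicious; an empty list means nothing was flagged."""
    parts = path.name.lower().split(".")[1:]  # every extension, not only the last one
    with path.open("rb") as fh:
        head = fh.read(4096)
    reasons = []
    if SCRIPT_EXTS.intersection(parts):
        reasons.append("script extension in name")
    if parts and parts[-1] in IMAGE_MAGIC and not head.startswith(IMAGE_MAGIC[parts[-1]]):
        reasons.append("image extension without image header")
    if b"<?php" in head.lower():  # heuristic: only the first 4 KiB is inspected
        reasons.append("PHP open tag in content")
    return reasons

def audit_albums(root):
    """Walk the upload directory; return {relative_path: reasons} for flagged files."""
    findings = {}
    for path in sorted(Path(root).rglob("*")):
        reasons = classify(path) if path.is_file() else []
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def build_sample(root):
    """Constructed sample tree: one clean image and the two file names from the advisory."""
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "shell.php": b"<?php /* constructed sample */ ?>",
        "shell.php.jpg": b"<?php /* constructed sample */ ?>",
    }
    for name, data in samples.items():
        Path(root, name).write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit_albums(tmp))
```

To check a real installation, call audit_albums with the path of the gallery's albums/ directory and review every file it returns.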
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################