Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ============================================
- Free Image Hosting Script Remote File Upload Vulnerability
- ============================================
- # Exploit Title: Free Image Hosting Script [ALL VERSIONS] Remote File
- Upload Vulnerability
- # Date: 26/12/11
- # Author: ySecurity
- # Vendor or Software Link: http://www.photohostingscript.com
- # Price: $29.99
- # Version: All versions effected
- # Category:: Remote File Upload
- # Google dork: inurl:"show-image.php?id="
- # Tested on: Windows 7
- # Vendor HAS been notified.
- ########################################################################################
- NOTE: You will ONLY be able to find your shell if the "/pictures"
- directory and if the directory is not forbidden.
- This exploit allows hackers to upload a PHP backdoor into "/pictures/"
- directory via the use of Live HTTP Headers (Firefox Addon)
- [Vulnerability]
- Tools Needed: Live HTTP Headers, Backdoor Shell
- Step 1: Locate upload form on index page.
- Step 2: Rename your shell to shell.php.jpg and start capturing data with
- Live HTTP Headers
- Step 3: Enter tags for the image (can be anything)
- Step 4: Replay data with Live HTTP Headers -
- Step 5: Change [Content-Disposition: form-data; name="image1";
- filename="shell.php.jpg"\r\n] to [Content-Disposition: form-data;
- name="image1"; filename="shell.php"\r\n]
- Step 6: Locate pictures directory:
- www.site.tld/imagehostingscript/pictures/ (usually)
- Step 7: Find PHP file (random digits.php) = should look like
- (321879194bc8ff2843bf7b63a666f665.php)
- Step 8: Navigate to backdoor =
- www.site.tld/imagehostingscript/pictures/321879194bc8ff2843bf7b63a666f665.php
- ########################################################################################
- Greets to: Team Intra
- Submitted ethically, after disclosure.
Add Comment
Please, Sign In to add comment