header-logo
Suggest Exploit
vendor:
PHP F1 Webscripts
by:
wlhaan
8.8
CVSS
HIGH
Upload Shell Upload Vulnerability
434
CWE
Product Name: PHP F1 Webscripts
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

PHP F1 Upload Shell Upload Vulnerability

This vulnerability allows an attacker to upload a malicious shell to a vulnerable website running the PHP F1 webscripts. The attacker can use the Google Dork “Photo Album” “Powered by PHP F1” to find vulnerable websites. The attacker can then access the admin.php page and upload a malicious shell with the name shell.php.pjpeg. The attacker can then access the shell by going to the URL http://server/path/original/shell.php.pjpeg.

Mitigation:

The website should be updated to the latest version of PHP F1 and the admin.php page should be secured with authentication.
Source

Exploit-DB raw data:

PHP F1 Upload Shell Upload Vulnerability

name scripts:PHP F1

webscripts:http://www.phpf1.com

Created By  :wlhaan Hacker:

Email: iit@hotmail.com



google dork:

"Photo Album"  "Powered by PHP F1"

____________________________________

* How to use it ?

Go to : > http://server/path/admin.php

Upload You Shell:shell.php.pjpeg)

note:

change shell

shell.php.pjpeg

now go to shell

http://server/path/original/shell.php.pjpeg


end

www.sa-hacker.com/vb