header-logo
Suggest Exploit
vendor:
Login.php and UploadPicture.php
by:
indoushka
7.5
CVSS
HIGH
Remote File Upload
264
CWE
Product Name: Login.php and UploadPicture.php
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2003-2005

Shell Upload

A vulnerability in Yonja, LLC. allows an attacker to upload a malicious shell to the vulnerable server. The attacker can then execute arbitrary code on the server.

Mitigation:

Ensure that the application is configured to only allow the upload of files with the appropriate MIME type and that the application is configured to only allow the upload of files to a predetermined directory.
Source

Exploit-DB raw data:

                       ..:::::::::..

                    ..:::aad8888888baa:::..

                 .::::d:?88888888888?::8b::::.

               .:::d8888:?88888888??a888888b:::.

             .:::d8888888a8888888aa8888888888b:::.

            ::::dP::::::::Dz-GhostTeam:::::::Yb::::

           ::::dP:::::::::Y888888888P:::::::::Yb::::

          ::::d8:::::::::::indoushka:::::::::::8b::::

         .::::88::::::::::::Y88888P::::::::::::88::::.

         :::::Y8baaaaaaaaaa88P:T:Y88aaaaaaaaaad8P:::::

         :::::::Y88888888888P::|::Y88888888888P:::::::

         ::::::::::::::::888:::|:::888::::::::::::::::

         `:::::::::::::::8888888888888b::::::::::::::'

          :::::::::::::::88888888888888::::::::::::::

           :::::::::::::d88888888888888:::::::::::::

            ::::::::::::88::88::88:::88::::::::::::

             `::::::::::88::88::88:::88::::::::::'

               `::::::::88::88::P::::88::::::::'

                 `::::::88::88:::::::88::::::'

                    ``:::::::::::::::::::''

                         ``:::::::::''

                         

            this file brought to you by Dz-Ghost Team





       |Redda | Saousha | indoushka | Mr.Sql | XxProratxX |



                      
  --                    [ Dz-Ghost Team ]                           ---

-------------------------------------------------------------------------

# Author  : indoushka

# email   : indoushka@hotmail.com

# Home    : www.iq-ty.com

# Script  : Copyright © 2003-2005 Yonja, LLC. Her hakk? sakl?d?r

# Bug     : Shell Upload

======================         Dz-Ghost Team           ===================

# Exploit  : 



1- http://127.0.0.1/Yonja/Login.php

2- http://127.0.0.1/Yonja/UploadPicture.php



=========================Dz-Ghost Team===================

Greetz : all my friend and F7k-B0y * Dos-Dz * Snakespc * His0k4 * Hussin-X