
Avsarsoft Matbaa Script Cross Site Scripting / Shell Upload

Posted on 24 April 2015

#Title : Avsarsoft Matbaa Script - Multiple Vulnerabilities
#Author : ZoRLu / zorlu@milw00rm.com
#Website : milw00rm.com / milw00rm.net / milw00rm.org
#Twitter : https://twitter.com/milw00rm or @milw00rm
#Test : Windows7 Ultimate
#Discovery : 15/04/15
#Publish : 23/04/15
#Thks : exploit-db.com, packetstormsecurity.com, securityfocus.com, sebug.net, cxsecurity.com and others
#BkiAdam : Dr.Ly0n, KnocKout, LifeSteaLeR, Nicx
#Demo : http://avsarsoft.com/matbaa/
#Demo User : sop08574@qisdo.com
#Demo Pass : 123456

1) Remote File Upload Vulnerability

Go to one of these pages:

localhost/path/index.php?Git=KartvizitTasarla
localhost/path/index.php?Git=BrosurTasarla
localhost/path/index.php?Git=DavetiyeTasarla

Then click "Resim Ekle", select your PHP file and wait for the upload.

After that, go here for your PHP file:

localhost/path/upload/file.php

2) Multiple XSS Vulnerabilities

Register on the site:

localhost/path/index.php?Git=UyeOl

Then log in:

localhost/path/index.php?Git=Uyelik

After that, go to these pages and add your XSS code:

localhost/path/index.php?Git=KontrolPaneli&Sayfa=KisiselBilgilerim
localhost/path/index.php?Git=KontrolPaneli&Sayfa=AdresBilgilerim
localhost/path/index.php?Git=KontrolPaneli&Sayfa=Yorumlar
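
The two issues above, seen from the fixing side: an added PHP example (not Avsarsoft's code and not part of the advisory) that takes the stored file extension from the image content instead of the uploaded name, and HTML-encodes user-supplied fields on output. The function names, the 2 MB limit and the upload directory parameter are assumptions.

```php
<?php
// Added example, not Avsarsoft code. store_image(), h(), the 2 MB cap and
// $uploadDir are assumptions made for illustration.

const ALLOWED_IMAGE_TYPES = [
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
    IMAGETYPE_GIF  => 'gif',
];

// Validate one entry of $_FILES and store it under a server-chosen name.
function store_image(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('upload failed');
    }
    if (filesize($file['tmp_name']) > 2 * 1024 * 1024) {
        throw new RuntimeException('file too large');
    }
    // Take the type from the file content; the client-supplied name and
    // MIME type are attacker-controlled and are ignored.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset(ALLOWED_IMAGE_TYPES[$info[2]])) {
        throw new RuntimeException('not an allowed image type');
    }
    // The extension comes from the allowlist, so "file.php" can never be
    // the stored name, whatever the original file was called.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$info[2]];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    return $name;
}

// HTML-encode stored user input (profile, address and comment fields)
// at the point where it is written into a page.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
```

Serving the upload directory with script execution disabled is a second layer, since a file that passes the image check can still contain PHP text in its body.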

 
