Home / exploits Album Remote Shell Upload Vulnerability
Posted on 03 September 2013
<pre>|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |-------------------------------------------------------------------------| | [+] Exploit Title:Album Remote Shell Upload Vulnerability | | [+] Google Dork:inurl:/Admin/Albums.aspx intext:"Add New Album" | | [+] Exploit Author: Ashiyane Digital Security Team | | [+] Tested on: Windows,Linux | |-------------------------------------------------------------------------| | [+] Exploit: | | [+] http://localhost/Admin/Albums.aspx | | [+] Click on edit | [+] To add single photos over HTTP, select a file and caption, then click Add.(choose shell) |-------------------------------------------------------------------------| | [+] Demo site: | [+] http://wXXXXom/Admin/Albums.aspx | [+] http://XXXr.com/Admin/Albums.aspx | [+] http://www.carXXXr.com/Admin/Albums.aspx | [+] http://www.foXX.net/Admin/Albums.aspx | [+] http://www.funXXel.com/Admin/Albums.aspx |-------------------------------------------------------------------------| | [+] Discovered By :hossein19123 & Milad Hacking | | [+]Greetz to: My Lord Allah | [+]Sp Tnx To:PrinceofHacking , C4T , V1R4N64R , MR.SAMAN, Tr0janman | [+]Ashiyane Security [ Researcher Team AND Deface Team ] |-------------------------------------------------------------------------| | [+]Home:Ashiyane.Org | |-------------------------------------------------------------------------| |*||*||*||*||*||*||*||*||*||*||*||*||* </pre>
