.: Dee Personal Blog :.

FileChucker-Uploader v4.x File Upload Vulnerability

Posted by Root on September 12, 2011 at 2:55 AM

Title : FileChucker-Uploader v4.x File Upload Vulnerability

Author : KedAns-Dz

E-mail : [email protected] ([email protected]) | [email protected] | [email protected]

Home : Hassi Messaoud (30008 - Algeria) - (00213555248701)

Facebook : http://facebook.com/KedAns

Platform : php

Impact : File Upload (.html)

Tested on : Windows XP SP3 (fr)


#Proof of Concept

Google Dork : allintext:"File Upload by Encodable"


Open google.co.uk and enter the dork, then pick a website to use as the test target.

Try uploading an .html file to the target website (a defacement page).

After that, check at:

http://[target site]/upload/files/[username].[filename].html

http://[target site]/upload/files/[username]/[filename].html

http://[target site]/upload/files/[filename].html

or, as is usually the case, the site itself will display the URL of the uploaded file.
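The root cause the advisory relies on is an uploader that accepts any file type, keeps the uploader-chosen name, and then serves the file from a predictable web-root path so the browser renders it as a page. The handler below is an added example written from the defender's side; it is not FileChucker's code and not part of the original advisory. It assumes a multipart field named "file", an upload directory outside the web root (the path is a placeholder), and PHP's standard finfo extension. It rejects every extension not on an allowlist (so .html, .htm, .svg and .php never land on disk), checks the real bytes rather than the client-supplied Content-Type, stores under a server-generated random name, and serves stored files only as downloads with nosniff and a sandboxing CSP so a stored file can never be rendered as a page on the site's origin.

```php
<?php
// Added example (not FileChucker code): a hardened upload handler that refuses
// browser-renderable file types so an uploaded file cannot be served as HTML.

declare(strict_types=1);

// Allowlist of extensions and the MIME types the actual bytes must match.
const ALLOWED_TYPES = [
    'pdf'  => ['application/pdf'],
    'png'  => ['image/png'],
    'jpg'  => ['image/jpeg'],
    'jpeg' => ['image/jpeg'],
    'txt'  => ['text/plain'],
];

// Storage directory OUTSIDE the web root (assumed path; adjust for your deployment).
const UPLOAD_DIR = '/var/app/uploads';

/**
 * Validate an entry from $_FILES and return its sanitized extension, or throw.
 */
function validate_upload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload failed');
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    // Anything not on the allowlist is refused; this excludes .html, .htm, .svg, .php, ...
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException("File type .$ext is not permitted");
    }
    // Inspect the bytes on disk, never the client-supplied Content-Type header.
    $finfo    = new finfo(FILEINFO_MIME_TYPE);
    $detected = $finfo->file($file['tmp_name']);
    if (!in_array($detected, ALLOWED_TYPES[$ext], true)) {
        throw new RuntimeException("Content ($detected) does not match .$ext");
    }
    return $ext;
}

/**
 * Move a validated upload into storage under a random, server-chosen name.
 */
function store_upload(array $file): string
{
    $ext  = validate_upload($file);
    // The uploader controls neither the stored name nor the path, so there is
    // no predictable "/upload/files/<user>/<name>.html" to check afterwards.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = UPLOAD_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    return $name;
}

/**
 * Serve a stored file strictly as a download, never as a page the browser renders.
 */
function serve_upload(string $name): void
{
    // Only names produced by store_upload() are accepted; this also blocks traversal.
    if (!preg_match('/^[a-f0-9]{32}\.[a-z]+$/', $name)) {
        http_response_code(404);
        return;
    }
    $path = UPLOAD_DIR . '/' . $name;
    if (!is_file($path)) {
        http_response_code(404);
        return;
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . $name . '"');
    header('X-Content-Type-Options: nosniff');
    // Even if a browser ignored the above, the sandbox directive denies scripts
    // and an origin, so the content could not act as part of this site.
    header("Content-Security-Policy: default-src 'none'; sandbox");
    readfile($path);
}

// Usage: POST a multipart form with a field named "file", or GET ?f=<stored name>.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['file'])) {
    try {
        echo store_upload($_FILES['file']);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
} elseif (isset($_GET['f'])) {
    serve_upload((string) $_GET['f']);
}
```

The two properties worth checking on any upload feature are the ones this example enforces: the server, not the client, decides the stored name and location, and stored files are delivered with headers that force a download rather than rendering. For an existing installation that cannot be changed, the same result can be approximated by serving the upload directory through a web-server rule that sets Content-Disposition: attachment and disables script execution there, and by periodically listing the directory for any .html, .htm, .svg or .php files that should not be present.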


Results :

http://www.finelinensw.com.au/transfer/upload/files/users/8436c0707e640ef23a223d272dcc39e4/dee-cisadane.html

http://dlcart.com/upload/files/dee-cisadane.20110911-1116.html

http://www.realrooster.com/upload/files/dee/dee-cisadane.html

http://encodable.com/uploaddemo/files/dee_01/dee-cisadane.html

http://www.majorbusinesssystems.com/upload/files/dee-cisadane.html

http://www.buffalograffix.com/upload/files/dee-cisadane.html

http://www.integralcreative.ca/upload/files/dee-cisadane.html

http://www.1001sheets.com/upload/files/dee/dee-cisadane.html

http://www.plazanoir.com/upload/files/dee/dee-cisadane.html

http://transfer.lewispr.com/upload/files/users/d05d9aa7436583c4cf109f5e5c6ce375/dee-cisadane.html

http://www.idesigncs.com/upload/files/dee/dee-cisadane.html

http://www.chainringchamps.com/upload/files/dee-cisadane.html

http://www.imbranded.com/upload/files/dee-cisadane.html

http://www.newdaymedia.com/upload/files/dee-cisadane.html

http://www.baring-technologies.com/upload/files/dee-cisadane.html

http://acutechdentalmilling.com/upload/files/dee/dee-cisadane.html

http://www.colorslide.biz/upload/files/dee/dee-cisadane.html

http://clickster.com/upload/files/dee-cisadane.html

http://www.clincorporated.com/upload/files/dee-cisadane.html

http://www.freshdls.net/upload/files/dee/dee-cisadane.html

http://www.graphicdevelopments.com/upload/files/dee/dee-cisadane.html

http://office.watsonproductions.com/upload/files/dee-cisadane.html

http://undersaddleproductions.com/upload/files/dee/dee-cisadane.html

http://allamericanprinting.us/upload/files/dee-cisadane.html

http://www.thevillagedirectorykent.co.uk/upload/files/dee/dee-cisadane.html

http://98.117.89.43/upload/files/dee/dee-cisadane.html

http://www.totaaldrukker.nl/upload/files/dee/dee-cisadane.html

http://sharperimaging.com/upload/files/dee-cisadane.html

http://www.projectspat.com/upload/files/dee/dee-cisadane.html

http://artupload.skylinenj.com/upload/files/dee-cisadane.html

http://64.79.127.155/Files/dee/dee-cisadane.html

http://upload.allesdruk.nl/upload/files/dee/dee-cisadane.html

http://mail.labels.ca/upload/files/dee-cisadane.html

http://upload.druk-druk-drukker.nl/upload/files/dee/dee-cisadane.html


Categories: Exploit