Computer Security

Security Advisory: ImI image file inclusion in script upload
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  ifdate 2.* unauthorized administrative access bug

From:spriteversus_(at)_hotmail.com <spriteversus_(at)_hotmail.com>
Date:15.05.2007
Subject:ImI image file inclusion in script upload

# w2box: web 2.0 File Repository (Upload)

# Script Code Source http://labs.beffa.org/w2box/

# Dork : "powered by w2box"

# Discovered by 4ur3v0ir

#Homepage Four: http://www.security-frog.org http://www.c-group.org
http://hslteam.org



# Greetz To:NINF,frat2005,komtec1,kakalake,_AntraX_,fr34k And Staff
.................................................................................
.........................
Exploit:

http://wwww.homepage.com/w2box/

Upload a file with the extension .php.jpg to obtain shell in the system

http://www.homepage.com/w2box/data/file.php.jpg
.................................................................................
..........................

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru