Mobilya Scripti 2 Shell Upload

Mobilya Scripti 2 Shell Upload: Posted Apr 11, 2016; Authored by Antidote; Mobilya Scripti 2 suffers from a remote shell upload vulnerability.; tags | exploit, remote, shell; SHA-256 | f0553b31a8ebb47291d787fabfc5388080415751f064cf2557a9a45ab3fa50ca; Download | Favorite | View

Mobilya Scripti 2 Shell Upload

   1. # Exploit Title: Mobilya Scripti v2 File Upload
   2. # Google Dork: intext:Lütfen sadece .doc yada .pdf uzantılı dosya
   gönderin.
   3. # Date: 10.4.2016
   4. # Exploit Author:  Antidote(antidotedefacer@gmail.com)
   5. # Vendor Homepage:
   http://www.hazirscriptler.web.tr/mobilya-scripti-php-v2
   6. # Version: v2
   7. # Tested on: Windows
   8. ------------------------------------------------
   9.                __  .__    .___      __
   10. _____    _____/  |_|__| __| _/_____/  |_  ____
   11. \__  \  /    \   __\  |/ __ |/  _ \   __\/ __ \
   12.  / __ \|   |  \  | |  / /_/ (  <_> )  | \  ___/
   13. (____  /___|  /__| |__\____ |\____/|__|  \___  >
   14.      \/     \/             \/                \/
   15. ------------------------------------------------
   16. Script Bug File:insan_kaynaklari_gonder.php
   17. ------------------------------------------------
   18.     $eposta  = p('txt_email');
   19.     $tarih      = date("d-m-Y");
   20.     $kaynak = $_FILES["txt_dosya"]["tmp_name"];
   21.     $dosya = $_FILES["txt_dosya"]["name"];
   22.     $uzanti = explode(".", $_FILES[txt_dosya][name]);
   23.     $random = rand(0,9999);
   24.     $yeni_isim = $random."_".$dosya;
   25.     $hedef  = "kit/cv/".$yeni_isim;
   26.
   27.     if($dosya=="")
   28.     {
   29.        echo 'Lutfen cv yükleyiniz....';
   30.        echo '<meta http-equiv="refresh" content="2;
   url=sayfa-insan-kaynaklari" />';
   31.     }
   32.
   33.     else{
   34.     $gitti=move_uploaded_file($kaynak,$hedef);
   35.     $iletisim_ekle_sorgu=mysql_query("insert into insan_kaynaklari (
   36.
   eposta,
   37.
   dosya,
   38.
   tarih)
   39.
   values (
   40.
    '$eposta',
   41.
    '$yeni_isim',
   42.
    '$tarih')");
   43.       echo 'Başvurunuz başarıyla alınmıştır. Değerlendirilip dönüş
   yapılacaktır.. Yonlendiriliyorsunuz...';
   44.       echo '<meta http-equiv="refresh" content="2;
   url=sayfa-insan-kaynaklari" />';
   45.    }
   46. }
   47.
   ---------------------------------------------------------------------------------
   48. Example:http://nehircollection.com/sayfa-insan-kaynaklari ,
   http://www.saralphotography.com/sayfa-insan-kaynaklari
   49. Enter mail and File Shell send after
   50. Open on localhost php file =>
   https://gist.github.com/anonymous/a30506e46d6edc724bb373744d25cd8c
   51. after
   52. Url:http://example.com
   53. Shellname: send shell name (Ex:c99.php,a.php,c.php)
   54. Submit
   55. Wait till the end
   56. include shell page url :)
   57.
   ---------------------------------------------------------------------------------
   58. Team : Janissaries.org, Spycod3.org
   59. Thanks : Bydokunulmaz
   60. Twitter: @coderantidote
   61. Website: antidotesoft.com

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Mobilya Scripti 2 Shell Upload

Mobilya Scripti 2 Shell Upload

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Mobilya Scripti 2 Shell Upload

Share This

Mobilya Scripti 2 Shell Upload

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems