adi003user Posted April 8, 2011 Report Share Posted April 8, 2011 #### Title : SMF 2.0 RC5 Remote Shell Upload Exploit# Author : KedAns-Dz# E-mail : ked-h@hotmail.com# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)# Twitter page : twitter.com/kedans# platform : php# Impact : Remote Shell Upload# Tested on : Windows XP sp3 FR### [?] ~ ********* In The name of Allah ************#### Go0Gle D0rk : "Powered by SMF 2.0 RC5 "# Exploit : You Are Can Upload The Shell in (attachments) Folder from 'SMF 2.0 RC5' (+) In Any Topic .. Submit New Reply and Upload Shell (*.gif) on Attachment (+) After Reply .. You Are Can Access to Shell in : > http://[target/Path]/attachments/{fileID}_{fileHASH} > The HASH Is encoder by : SHA1(+) Because the 'SMF 2.0 RC5' Change the Any Attach name Ex : '1_86e1d5b5ec318635ec9ece9b4586bd8c1d07faca' << This is From Ex file I'm uploaded From My Local SMF(+) After You Are Detect The SHA HASH .. access in the shell ! Usage : http://127.0.0.1:8888/smf/attachments/1_86e1d5b5ec318635ec9ece9b4586bd8c1d07facaOR access in this url : > http://[target/Path]/index.php?action=dlattach;topic={topicID};attach={attach-SHELL-id};imagebut this access with URL not succeeding always # ** In The Peace of Allah **=================================================================================================#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================================== # Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS ># Islampard * Zaki.Eng * Dr.Ride * Red1One * Badr0 * XoreR * Nor0 FouinY * Hani * Mr.Dak007 * Fox-Dz# Masimovic * TOnyXED * r0073r (inj3ct0r.com) * TreX (hotturks.org) * KelvinX (kelvinx.net) * Dos-Dz# Nayla Festa * all (sec4ever.com) Members * PLATEN (Pentesters.ir) * Gamoscu (1923turk.com)# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{# Indoushka (Inj3ct0r.com) * [ Ma3sTr0-Dz * MadjiX * BrOx-Dz * JaGo-Dz (sec4ever.com) ] * Dr.0rYX # Cr3w-DZ * His0k4 * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,# 1337day.com * Packet Storm ? Full Disclosure Information Security * exploit-db.com * bugsearch.net * exploit-id.com # Metasploit Framework Penetration Testing Software | Metasploit Project * SecurityReason.com - Our Reason is Security * All Security and Exploits Webs ... Quote Link to comment Share on other sites More sharing options...
DanISR Posted April 8, 2011 Report Share Posted April 8, 2011 (edited) (+) In Any Topic .. Submit New Reply and Upload Shell (*.gif) on Attachment adika , faci shell nume.gif.php sau ?edit : care ma poate ajuta ii dau un cont orange. Edited April 8, 2011 by DanISR Quote Link to comment Share on other sites More sharing options...
BogdanNBV Posted April 8, 2011 Report Share Posted April 8, 2011 am incercat cu danisr si fara htaccess il arata ca text, iar cu htaccess nu merge de loc zice ca este accestul restrictionat Quote Link to comment Share on other sites More sharing options...
