dr.d3v1l Posted June 5, 2012

# Exploit Title: [Wordpress Upload Form Vuln]
# Vendor or Software Link: none
# Version: 3.2.1
# Category:: [webapps,]
# Google dork: [inurl:/wp-content/plugins/easy-comment-uploads/upload-form.php]
# Tested on: [Windows XP Service Pack 3]
# Demo site: fashion-course.com - fashion-course Resources and Information.
Example: shell fashion-course.com - fashion-course Resources and Information.

ionutz15 Posted June 5, 2012

What format does the shell have to be uploaded in?
You are attempting to upload a file with a disallowed/unsafe filetype!
I tried with c99.php

dr.d3v1l (Author) Posted June 5, 2012

try to bypass with .jpg.php

ionutz15 Posted June 5, 2012

nothing, same result

SirGod Posted June 5, 2012

From what I can see on the demo, you can upload PHTML files. As far as I know, the server has to be configured to be able to "run" them. Most aren't (it probably won't work for you in either case - you'll be able to upload them, but they won't be 'run'; it will probably throw a download dialog at you or display the contents directly in the browser).

gugustiuc Posted June 9, 2012

yeah, I think this was already posted here some time ago... on most of them you can only upload .jpg
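
For site owners running an upload form like the one discussed in this thread, an added example (not from the thread or the plugin) that audits an uploads directory for the file names mentioned above: `.php`, `.jpg.php` and `.phtml`. The extension sets, function names and sample listing are assumptions made for illustration; a script extension is flagged in any position because some server configurations map handlers by any extension in the name.

```python
import os

# Assumption: extensions a PHP-enabled server may be configured to execute.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar"}
# Assumption: the only types this upload form is meant to accept.
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif"}


def classify_upload(filename):
    """Return 'ok', 'script' or 'not-allowed' for one uploaded file name."""
    name = os.path.basename(filename.replace("\\", "/")).lower().rstrip(". ")
    exts = name.split(".")[1:]          # every extension, not just the last
    if any(ext in SCRIPT_EXTS for ext in exts):
        return "script"                 # x.php, x.jpg.php, x.php.jpg, x.phtml
    if not exts or exts[-1] not in ALLOWED_EXTS:
        return "not-allowed"            # .htaccess, readme.txt, no extension
    return "ok"


def audit_names(names):
    """Return (name, verdict) for every name that is not 'ok'."""
    return [(n, classify_upload(n)) for n in names if classify_upload(n) != "ok"]


def audit_dir(root):
    """Walk an uploads directory and audit every file found under it."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found += [(os.path.join(dirpath, n), v) for n, v in audit_names(files)]
    return found


# Constructed sample listing, not taken from any real site.
SAMPLE = ["photo.jpg", "holiday.PNG", "a.php", "b.jpg.php", "c.phtml",
          "d.php.jpg", ".htaccess", "readme.txt", "e.php."]

if __name__ == "__main__":
    for name, verdict in audit_names(SAMPLE):
        print(f"{verdict:12} {name}")
```

The same `classify_upload` check can be applied at upload time as an allowlist, which is stricter than rejecting a list of known-bad extensions.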