• 设为首页
  • 收藏本站
  • 积分充值
  • VIP赞助
  • 手机版
  • 微博
  • 微信
    微信公众号 添加方式:
    1:搜索微信号(888888
    2:扫描左侧二维码
  • 快捷导航
    福建二哥 门户 查看主题

    PhotoPost vBGallery 2.4.2 Arbitrary File Upload Vulnerability

    发布者: 管理员不想理你 | 发布时间: 2025-6-28 22:48| 查看数: 108| 评论数: 0|帖子模式

    vBulletin PhotoPost vBGallery v2.x Remote File Upload

    Found by : Cold z3ro

    e-mail : exploiter@hackteach.org

    Home page : www.Hack.ps

    ==============================

    exploit usage :

    http://localhost/Forum/$gallery_path/upload.php

    here the exploiter can upload php shell via this script

    by renamed it's name to $name.php.wmv

    but first he should be a user in the forum

    thats so important to him cus the uploaded file will be

    in his account nomber folder .

    example :

    user : Cold z3ro
    http://www.hackteach.org/cc/member.php?u=4

    his account nomber is 4 as shown in link ,

    the uploaded file ( shell ) will be in

    http://localhost/Forum/$gallery_path/files/4/$name.php.wmv

    id the user Cold z3ro have acconut nomber as example ( 12345 )

    the file path is

    http://localhost/Forum/$gallery_path/files/1/2/3/4/5/$name.php.wmv

    ===================

    i want tho thank all members in www.hackteach.org forums , best work u are done.

    thank u .

    # hackteach.org

    来源:https://www.jb51.net/hack/5681.html
    免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作!

    最新评论

    QQ Archiver 手机版 小黑屋 福建二哥 ( 闽ICP备2022004717号|闽公网安备35052402000345号 )

    Powered by Discuz! X3.5 © 2001-2023

    快速回复 返回顶部 返回列表