Popular Post

Popular Posts

puzzle creator CMS File Upload vulnerability

Minggu, 23 April 2017


* Title: puzzle creator CMS File Upload vulnerability
* date: 4/22/2017
* Exploit Author : Gudrdiran Security Team
* Google Dork : intitle:"puzzle creator" "index.php=difficulty="
* Softwar Link : http://www.puzzle-maker.com/
* Vendor Homepage: https://www.nimble.com/
* Tested On : Kali Linux w3af / Windows 8.1

----------------------------------

Description :
Hello Guys
This is a file upload exploit
we can upload our shell With Tamper data or Live Http Header

Dir Shell:
When You Bypass Your Shell With Tamper Data Or Live Http Header Target Will Be Shown you The URL( Shell )
Usually Dir Shell : /puzzle/name_shell.php

Poc:
Page vulnerable :
[/puzzle/]
Exploit : /puzzle/upload.php


Demo:

http://www.brandonbrady.com/puzzle/upload.php
http://www.kidtopia.info/puzzle/upload.php
http://www.teachertopia.info/puzzle/upload.php

Navigation

Weekly most viewed

Blogroll

Cari Blog Ini

Arsip Blog

Recent in Sports

Comments

Social

Random Posts

Recent

Header Ads

- Copyright © Social-net7sec - Devil Survivor 2 - Powered by Blogger - Designed by Johanes Djogan -