Exploit Title: Porn-Upload Systeam Arbitrary File Upload Vulnerability
Date : 2016/11/26
vendor HomePage: porn-upload.com
Exploit Author: Eagle Security Team
Tested on: [Win 7/Google chrome]
###################################################
Dorks:
inurl:\"/newpost.html\" intext:\"Part of the hotporn.pictures network! \"
inurl:\"/newpost.html\" intext:\"TOS: Do not upload images that are\"
inurl:\"/newpost.html\" intext:\"RANDOM PICS\"
inurl:\"/newpost.html\" intext:porn-upload
inurl:\"/newpost.html\" intext:\"UPLOAD PIC\"
###################################################
Poc:
Put newpost.html After url such as :
Site/[PATH]/newpost.html
Upload Your Pictures:gif,jpg,png,and...
And Maybe You Can Upload Video
Than You See Your Picture In Homepage
###################################################
Demo:
http://www.naked-indian-amateurs.net/newpost.html
http://mhv.flippyscripts.com/newpost.html
http://funny-cat.pics/newpost.html
http://www.ex-girlfriend-gallery.com/newpost.html
http://www.nude-celebrity.pictures/newpost.html
And More...
kalau sudah dapet , tinggal di
Klik Kanan > Copy Image Location > Done
http://www.ex-girlfriend-gallery.com/uploads/cowokerensteam_944727428.jpg
http://www.sex-upload.com/uploads/cowokerensteam_5015845699.jpg
http://lovedogslove.com/uploads/cowokerensteam_6108104735.jpg
http://timelinefan.com/uploads/cowokerensteam_3042633947.jpg
0 Komentar