Shell Upload Exploit RedAdalet rwxr-xr-x 0 12:32:00

Başlık	Shell Upload Exploit
Yetki	rw-r--r--
Yazar	RedAdalet
Zaman	12:32:00
Kategori
Share

Selamın aleyküm

Belki çoğumuz bu upload açığını biliyoruz .. Ancak Shell upload etmeyi bilenler kadar bilmeyenlerde mevcut... Bu exploitte hem by pass hemde shell upload edebileceğimiz bir konuyu derledim.. 

################################################## #####
#
# [+] Exploit Title: FileChucker v4.56t-e07 File Upload Vulnerability
# [+] Google Dork: inurl:/cgi-bin/filechucker.cgi OR "intext:File Upload by Encodable" OR inurl:/cgi-bin/filechucker.pl
# [+] Date: 24-09-2015
# [+] Exploit Author: Coders
# [+] Discovered By : Red
# [+] Category: webapps
# [+] Software Link: http://encodable.com/filechucker/trial/filechucker.zip
# [+] Vendor Homepage: http://encodable.com/filechucker/
# [+] Version: 4.56t-e07
# [+] Tested on: Windows 7
#
################################################## #####
#
# [+] Exploit:
#
# [+] http://localhost/[path]/cgi-bin/filechucker.cgi
# [+] http://localhost/[path]/cgi-bin/filechucker.pl
#
#
################################################## #####
#
# [+] Proof:
#
# [+] http://localhost/[path]/cgi-bin/filechucker.cgi
# [1] You must enter the requested information first.
# [2] Please Click on the Browse and Select a file ( .htm , .html , .gif , .jpg , .png , .txt )
# [3] http://localhost/[path]/upload/files/Ayyildiz.htm OR Ayyildiz.html
#
################################################## #####
#
# [+] Demo site:
#
# [+] http://encodable.com/filechucker/#demo
# [+] http://encodable.com/uploaddemo/
# [+] http://www.middadmit.org/cgi-bin/filechucker.cgi
# [+] http://www.proprintidaho.com/cgi-bin/filechucker.cgi
# [+] http://www.golfillustrated.com/upload/
#
################################################## #####

Yukarıdaki gibi arattığımızda karşımıza bir çok site çıkacaktır... 166,000 kadar fakat bunların bir çoğu sahte (fake-malware) sitelerdir...