SMF is now exploitable
0day SMF discovered by The-Dark_Man && Nexen --->Italian Bug Hunter <---
Translated into English by cybermilitant
Note: The bug is public
This is a dangerous bug because many upload systems are affected; with this bug you can upload a phpshell bypassing the restrictions.
Begin:
Prepare your shell (like c99 or nexpl0rer).
Rename it as shell.php.zip (warning: you mustn't put the shell in an archive, you must only rename it!).
Then upload it through SMF's attachment upload.
Now, if you are lucky, and the admin hasn't enabled the option "encrypt filenames", you will find your phpshell here:
http://victim/path/attachments/shell.php.zip
Discovered by The-Dark_Man && NexeN
Enjoy
Rambo
- Big-E
- Administrator
- Posts: 1332
- Joined: 16 May 2007, 16:00
- 16
- Location: IN UR ____ , ____ING UR _____ .
Do the following:
www.google.com > type shell + c99 (or nexpl0rer) > search
Then read all the skiddie tutorials on the aforementioned.
- Big-E
- Administrator
- Posts: 1332
- Joined: 16 May 2007, 16:00
- 16
- Location: IN UR ____ , ____ING UR _____ .
That does not make me 'l337'; it makes me a human capable of doing very un-complex searches for useless information which has no applicable use other than to be a nuisance to people browsing the internet. Again, people using this exploit are idiots who use skiddie tactics, calling themselves hackers.
- isapiens
- Fame ! Where are the chicks?!
- Posts: 533
- Joined: 05 May 2006, 16:00
- 17
- Location: Turn around
Well, I didn't know what c99 is, so this is what I typed in Google:
Code: c99 shell
And it gave me the info I needed.
Btw, I didn't know what SMF is either. It's forum-building software, correct? (Stands for simple machine smth..)
So, anyway, about the exploit... So the only thing you have to do is give the php file a fake zip extension?
Fluoridation is the most monstrously conceived and dangerous communist plot we have ever had to face.
ok this doesn't really surprise me
now a lot of you will find uploaders disable .php extensions from being uploaded
now let's say you want to upload a shell
but .php and .asp are disabled
but they have enabled .zip .rar .gif .jpg and so on
now you rename it making sure you have .php as the first extension
eg
shel.php
rename to shel.php.rar
or try
shel.php.zip
shel.php.gif
shel.php.jpg
there are many different filetypes
look them up
but when you upload your shell as .php.rar or something the file is opened as its format now as extension
now your standard shell will be text/html format so the server executes it as that
some admins choose to make it auto rename to
let's say
y4h7h5frj4h78kz7s0n1c0n1.html
that's encrypted and automatically executed as html code
useless to you
hope this helps
but many sites i have shells on i have used this trick on an uploader
enjoy
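For anyone hardening an upload form against the double-extension names discussed in this thread, here is an added example (not from the original posts and not SMF's code). It rejects a script extension at any position in the name, stores files under a random name with no extension, in the spirit of the "encrypt filenames" option mentioned above, and audits names already on disk. The extension lists and function names are assumptions.

```python
import secrets

# Assumed list of extensions a web server may map to a script handler;
# match it to the handlers configured on your own server.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "pht", "phar",
               "asp", "aspx", "jsp", "cgi", "pl"}
# Assumed attachment allow-list (final extension only).
ALLOWED_FINAL = {"zip", "rar", "gif", "jpg", "png", "txt", "pdf"}


def _components(filename):
    """Lower-cased dot-separated parts after the base name, path stripped."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return [p.strip() for p in name.lower().split(".")[1:]]


def script_components(filename):
    """Script extensions found at ANY position, not only the last one."""
    return [p for p in _components(filename) if p in SCRIPT_EXTS]


def check_upload(filename):
    """Return (accepted, reason) for a client-supplied attachment name."""
    parts = _components(filename)
    hits = script_components(filename)
    if hits:
        return False, "script extension in name: " + ", ".join(hits)
    if not parts or parts[-1] not in ALLOWED_FINAL:
        return False, "final extension not on allow-list"
    return True, "ok"


def stored_name(attachment_id):
    """On-disk name with no client-controlled part and no extension."""
    return f"{attachment_id}_{secrets.token_hex(20)}"


def audit(existing_names):
    """Flag files already in an attachments directory that need review."""
    return [n for n in existing_names if script_components(n)]


if __name__ == "__main__":
    # Constructed sample names, including the ones quoted in the thread.
    sample = ["shell.php.zip", "shel.php.jpg", "holiday.zip", "notes.v2.txt"]
    for n in sample:
        print(n, check_upload(n))
    print(audit(sample), stored_name(42))
```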