Welcome To My Blog!!: PHP Remote - File Uploading Vulnerability

Sunday, June 29, 2014

Dork:

inurl:”cadastro.php?TipodeConta=

Choose any sites... This form will be appeared :

Type as this form:

Nome de usuário: a
Senha: a
Repita a senha : a
Nome: a
Sobrenome: a
Telefone: 0987654321
E-mail: 123@gmail.com

Then press Enviar.

You will be redirected to login site then type as this form again:

Nome de usuário: a
Senha: a

I'll take an example:

http://www.amiltonimoveis.com.br/index.php

When got .../index.php => .../perfil.php then you'll get this:

http://www.amiltonimoveis.com.br/perfil.php

Fill in the form all "a"... Press "Upload" to upload your file... :D

You will go to this site:

http://www.marlenefestasrs.com/sobre_mim.php?id=71

Then you will see your index or your files :D

Welcome To My Blog!!