Bypassing upload centers using the Live HTTP headers tool, which is available among the Firefox add-ons
The vulnerability:
Code:
RW-Download v4.0.6 File Upload Vulnerability
====================================================================
####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Script : http://traidnt.net/vb/attachment.php?attachmentid=72765&d=1157806602
.:. Dork : "Powered by RW-Download v4.0.6"
.:. Sp3C!4L Gr34T$ T0 ZaIdOoHxHaCkEr
####################################################################
===[ Exploit ]===
# Step 1 : Go to Upload Shell [www.site.com/index.php?ACT=useradddl]
# Step 2 : Fill All the blanks And Upload Shell in Thumbnail image
# Step 3 : Go To Add-ons For Firefox Install Live HTTP headers
Link [https://addons.mozilla.org/en-us/firefox/addon/live-http-headers/]
# Step 4 : Upload Shell [shell.jpg Or shell.gif]
# Step 5 : Go To Live HTTP headers And change Extension To .php
# Step 6 : Link Shell [www.site.com/temp/shell.php]
# Example : http://redady.eb2a.com/temp/r57small.php
####################################################################
Link to the explanation:
Code:
http://www.multiupload.com/X4O5BJ7JHL
Bypass Upload Shell & Security
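
The steps in the advisory succeed only when the server keeps the filename and extension carried in the upload request. As an added example (not RW-Download's code and not part of the original post), here is a PHP upload handler that discards the client-supplied name; the function `store_thumbnail`, the field name `thumb` and the directory `/var/app/uploads` are assumptions made for illustration.

```php
<?php
// Added example: server-side handling of a thumbnail upload.
// Assumed names (not from RW-Download): store_thumbnail(), field 'thumb',
// storage directory /var/app/uploads.

// MIME type detected from the file content => extension the server assigns.
const ALLOWED_TYPES = [
    'image/jpeg' => 'jpg',
    'image/gif'  => 'gif',
    'image/png'  => 'png',
];
const MAX_BYTES = 2097152; // 2 MiB

function store_thumbnail(array $file, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('not an HTTP upload');
    }
    if (filesize($file['tmp_name']) > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }

    // Decide the type from the bytes on disk. $file['name'] and $file['type']
    // come straight from the request and can be edited in transit.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime === false || !isset(ALLOWED_TYPES[$mime])) {
        throw new RuntimeException('type not allowed');
    }
    // The content must also parse as an image.
    if (@getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('not a valid image');
    }

    // Server-generated name with a server-chosen extension: nothing from the
    // client's filename reaches the filesystem.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = rtrim($destDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);
    return $name;
}

// Usage: $stored = store_thumbnail($_FILES['thumb'], '/var/app/uploads');
```

Content checks alone do not stop a valid image that also contains script text, so the storage directory should sit outside the web root or have script execution disabled by the web server.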