Uploadscript 1.0 - Multiple Vulnerabilities

EDB-ID:

10403


Author:

Mr.aFiR

Type:

webapps


Platform:

PHP

Date:

2009-12-13


# Exploit Title: Uploadscript v1.0. Multiple Vulnerabilities
# Date: 13-12-2009
# Author: Mr.aFiR
# Software Link: http://www.phpstudio.hu/?action=verify&categorize=php&subaction=php&context=php&ID=75&verify=0
# Version: N/A
# Tested on: GNU/LINUX
# CVE : N/A
# Code : N/A
#####################################################################

#####################################################################
##                                _______   ____                   ##
##          __ ___               / _____ \ /  __ \                 ##
##         /      \  _ _     ___ | |___ |/ | |  ) )                ##
##        |  Y  Y  \| V_\   / _ Y|  __ |(_)| |_/ /      [A]        ##
##        |__|__|__ \ |  ()| (_] | |  \|| ||  __ \                 ##
##                 \/_/     \___ | |    | || |  ) |                ##
##                              \|/     |_/|_/  |/                 ##
##                                                                 ##
#####################################################################
##          Uploadscript v1.0. Multiple Vulnerabilities            ##
##                [Admin-password / Shell Upload]                  ##
##              Created By Mr.aFiR (Moroccan Hacker)               ##
##            Email: q-_@hotmail.com / ax@hotmail.com              ##
##                     Website: www.aFiR.me                        ##
##                      (c) -- 13/12/2oo9                          ##
#####################################################################
##                      * How to use it ?                          ##
##                      -----------------                          ##
## ~ Go to : > http://site/path/password.txt                       ##
##           > You will find a Hash(md5) password !                ##
##           > Decrypte this password !                            ##
##           > Now! Go to : /path/admin.php                        ##
##           > Write the password & Login to AdminCP               ##
##           > Go to : /path/admin.php?act=bans                    ##
##           > Delete All Bans                                     ##
##           > Now! Go to : /path/index.php                        ##
##           > Upload your shell as : shell.php.jpg                ##
##           > Uploaded Files Directory is : /path/storagedata/    ##
##           > Your Link is:                                       ##
##                     http://server/path/storagedata/[Shell]      ##
##           > -------------------------------------------------   ##
##           > Enjoy With it, You Will Find a lot of infected      ##
##             websites. & Remember me ;)                          ##
#####################################################################
## ~ GreatZ To : > Dr.Crypter - Dr.BoB-Hacker - Love511 & All ...  ##
## ~ Contact   : > q-_[at]Hotmail[dot]com - www[dot]aFiR[dot]me    ##
##                        I Love You ****                          ##
#####################################################################