Fast Free Media 1.3 Adult Site - Arbitrary File Upload









| # Title    : Fast Free Media V 1.3 Adult Site Upload Shell Exploiot          
| # Author   : indoushka                                                               
| # email    :                                                   
| # Home     :                                                                                                                                                                                                               
| # Script   : Powered by All Videos Copyright © To Their Respective Owners. All Rights Reserved. 
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug      : Upload Shell
| # Download :                                                                     
======================      Exploit By indoushka       =================================
 # Exploit  : 
If you have FFMPEG installed you can convert your /media/uploads files to .flv <a href="">here</a>. Or you can rebuild thumbnails using FFMPEG-PHP <a href="">here</a>.
<div style="clear:both;height:20px;">&nbsp;</div>
<div class="tabular_data" id="uftd">
  <div class="header"><strong>Select a Media File to Upload</strong> Files will be uploaded to: <em>/media/upload</em></div>
      <td align="center">This flash tool has a built in size limit of 50Mb but kicks ass for anything under that. <font style="font-size:10px;font-family:Verdana, Arial, Helvetica, sans-serif" color="#494949">&nbsp; </font><br>
        <OBJECT id="FlashFilesUpload" codeBase=",0,0,0"
        width="450" height="350" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" VIEWASTEXT>
          <PARAM NAME="FlashVars" VALUE="uploadUrl=">
          <PARAM NAME="BGColor" VALUE="#F8F6E6">
          <PARAM NAME="Movie" VALUE="">
          <PARAM NAME="Src" VALUE="">
          <PARAM NAME="WMode" VALUE="Window">
          <PARAM NAME="Play" VALUE="-1">
          <PARAM NAME="Loop" VALUE="-1">
          <PARAM NAME="Quality" VALUE="High">
          <PARAM NAME="SAlign" VALUE="">
          <PARAM NAME="Menu" VALUE="-1">
          <PARAM NAME="Base" VALUE="">
          <PARAM NAME="AllowScriptAccess" VALUE="always">
          <PARAM NAME="Scale" VALUE="ShowAll">
          <PARAM NAME="DeviceFont" VALUE="0">
          <PARAM NAME="EmbedMovie" VALUE="0">
          <PARAM NAME="SWRemote" VALUE="">
          <PARAM NAME="MovieData" VALUE="">
          <PARAM NAME="SeamlessTabbing" VALUE="1">
          <PARAM NAME="Profile" VALUE="0">
          <PARAM NAME="ProfileAddress" VALUE="">
          <PARAM NAME="ProfilePort" VALUE="0">
          <embed bgcolor="#F8F6E6" id="EmbedFlashFilesUpload" src="ElementITMultiPowUpload1.7.swf" quality="high" pluginspage=""   
		 type="application/x-shockwave-flash" width="450" height="350" flashvars="uploadUrl=uploadfiles.php?username=<?php echo"$username";?>"> </embed>
      </OBJECT>      </td>
    <form action="" method="post">
        <td>Grab from Remote server <em></em></td>
        <td><span class="form">
          <input name="rmtimage" type="text" size="90" />
        <td class="last"><input type="submit" value="Grab File" /></td>
Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz : Exploit-db Team
all my friend :
His0k4 * Hussin-X * Rafik ( * Yashar ( SoldierOfAllah (
Stake ( * r1z ( * D4NB4R * MR.SoOoFe * ThE g0bL!N * *