RapidLeech Scripts - Arbitrary File Upload

EDB-ID:

14430

CVE:

N/A

Author:

H-SK33PY

Type:

webapps

Platform:

PHP

Published:

2010-07-21

# Exploit Title: RapidLeech Scrits Remote File Upload ( upload shell php )                    
# Date: 21/07/2010                             
# Author: H-SK33PY                      
# Software Link: http://www.rapidleech.com/
# Version: all versions
# Google dork :intitle:"Rx08.ii36B.Rv"
# Platform / Tested on: linux
# Category: remote
# Code : N/A


   010101010101010101010101010101010101010101010101010101010    
   0                                                       0
   1  Iranian Datacoders Security Team 2010
   0                                                       0
   010101010101010101010101010101010101010101010101010101010

#BUG:#########################################################################

After find the site of rapidleecher script on this :

To Active For run this method change the name of shell code 

example : shell.php >>>>>>> to  shell.php.001  or  shell.php.00

After trasfer this 

you can run it in this Url :
http://site.com/0x14/shell.php.001

or

http://site.com/0x14/shell.php.00

#############################################################################
Website : http://www.datacoders.ir

Special Thanks to : ccC0d3rZzz & all iranian datacoders members

#############################################################################