vBulletin PhotoPost vBGallery v2.x Remote File Upload
Found by : Cold z3ro
e-mail : email@example.com
Home page : www.Hack.ps
exploit usage :
here the exploiter can upload php shell via this script
by renamed it's name to $name.php.wmv
but first he should be a user in the forum
thats so important to him cus the uploaded file will be
in his account nomber folder .
user : Cold z3ro
his account nomber is 4 as shown in link ,
the uploaded file ( shell ) will be in
id the user Cold z3ro have acconut nomber as example ( 12345 )
the file path is
i want tho thank all members in www.hackteach.org forums , best work u are done.
thank u .
# milw0rm.com [2008-07-15]