PHPAdBoard - PHP uploads Arbitrary File Upload

EDB-ID:

7562




Platform:

PHP

Date:

2008-12-23


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

.......................................................................

****(remote shell upload)****

script: phpAdBoard
   
***************************************************************************
download from:http://www.w2b.ru/download/phpAdBoard.zip
   
***************************************************************************
www.site.com/path/index.php
shell: www.site.com/path/photoes/number_shell.php
-----------------------------------------------------------------------------------------
dork:"powered by phpAdBoard"

if folder photoes is forbidden
after get upload file u do right-click and see image properties and u see address file.
  
------------------------------------------------------------------------------------------  
**************************************************


Author: ahmadbady 

**************************************************

# milw0rm.com [2008-12-23]