Best Dating Script - Arbitrary File Upload

EDB-ID:

9472

CVE:

N/A


Author:

jetli007

Type:

webapps


Platform:

PHP

Date:

2009-08-18


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

=======================================================
+++++++++++++++++++ |Script info| +++++++++++++++++++++
=======================================================
                       
                    [Shell Upload Vulnerability]

[-] script : bestdatingscript

[-] Site   : http://www.bestdatingscript.com



=======================================================
+++++++++++++++++++ |Author| ++++++++++++++++++++++++++
=======================================================


[+] Found by  :  jetli007

[+] C0ntact   : alkhari9007 [AT] Gmail [DOT] com 
                   
[+] Group     : Saudi Virus Team

[+] Site       : www.vxx9.cc

=======================================================
+++++++++++++++++++++++ |Exploit| +++++++++++++++++++++
=======================================================


[+] Exploit : 
     
  - steps :	 

        - [1] : register in site

        - [2] : Login with ur account 
         
        - [3] : goto http://www.127.0.0.1.com/ [path] /upload.php
		
        - [4] : http://www.127.0.0.1.com/ [path] /photos/Evil.php
		
---------------------------------------------------------------------

Greetz : Reno ; Dr.php ; !BaD BoY! ; 5D ; taishi ; ga3 wlad drb XD ; all friends [* -]

# milw0rm.com [2009-08-18]