PhotoPost vBGallery 2.4.2 - Arbitrary File Upload Vulnerability

ID EDB-ID:6082
Type exploitdb
Reporter Cold Zero
Modified 2008-07-15T00:00:00


PhotoPost vBGallery 2.4.2 Arbitrary File Upload Vulnerability. CVE-2008-0251,CVE-2008-7088. Webapps exploit for php platform

                                            vBulletin PhotoPost vBGallery v2.x Remote File Upload

Found by : Cold z3ro

e-mail :

Home page :


exploit usage : 


here the exploiter can upload php shell via this script

by renamed it's name to $name.php.wmv

but first he should be a user in the forum

thats so important to him cus the uploaded file will be

in his account nomber folder .

example :

user : Cold z3ro

his account nomber is 4 as shown in link ,

the uploaded file ( shell ) will be in


id the user Cold z3ro have acconut nomber as example ( 12345 )

the file path is 



i want tho thank all members in forums , best work u are done.

thank u .


# [2008-07-15]