Andy's PHP Knowledgebase 0.95.5 Shell Upload

Type packetstorm
Reporter Black.Spook
Modified 2011-09-22T00:00:00


# Exploit Title: aphpkb 0.95.5 Remote File Upload  
# Date: 2011 Sep 21  
# Author: Black.Spook ( H4ckcity Security Team )  
# Software Link:  
# Version: 0.95.5  
# Tested on: Linux  
# Email:  
Steps to exploit this vulnerability:  
1- Navigate to http://Target/aphpkb_path/saa.php?aid=1  
2- Fill all fields with required data and submit  
3- After successful submission, go to http://Target/aphpkb_path/attach/ and there is your uploaded shell  
4- If the attach directory does not support Directory Listing, you should name your file in the following format:  
(where id stands for the inserted db record  
example: 1-1-1-shell.php )  
5- Hooray, now you have a working shell. :)  
Special Thanks to : Expl0its, Higher_sense
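
For defenders triaging a host that ran this version: the steps above leave a recognisable trace, namely a request for a script-type file under the attach/ directory. The following is an added example, not part of the original advisory or of aphpkb; it assumes Apache/nginx "combined" access logs, and the extension list and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed list of extensions a PHP-enabled server may pass to the interpreter.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}

# "combined" log format: client IP, request line (method + target), status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def is_script_name(filename):
    """True if any dot-separated segment after the base name is a script
    extension. Checking every segment also catches names like x.php.jpg,
    which some handler configurations still execute."""
    parts = filename.lower().rstrip(". ").split(".")
    return any(p in SCRIPT_EXTS for p in parts[1:])

def find_suspect_requests(log_lines, upload_prefix="/aphpkb_path/attach/"):
    """Return (ip, method, decoded_path, status) for every request that
    targets a script-type file inside the upload directory."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, target, status = m.groups()
        # Drop the query string and decode %XX so encoded dots are seen.
        path = unquote(urlsplit(target).path)
        if not path.lower().startswith(upload_prefix.lower()):
            continue
        if is_script_name(path.rsplit("/", 1)[-1]):
            hits.append((ip, method, path, int(status)))
    return hits

# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/Sep/2011:10:01:02 +0000] "GET /aphpkb_path/saa.php?aid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Sep/2011:10:02:10 +0000] "GET /aphpkb_path/attach/1-1-1-shell.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [22/Sep/2011:10:05:44 +0000] "GET /aphpkb_path/attach/2-1-1-notes.pdf HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/Sep/2011:10:06:00 +0000] "POST /aphpkb_path/attach/3-1-1-img.PHP%2Ejpg?x=1 HTTP/1.1" 404 210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

A 200 status on a flagged path means the file exists and was served; whether it was executed depends on the server's handler configuration for that directory.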