Andy's PHP Knowledgebase 0.95.5 Shell Upload

2011-09-22T00:00:00
ID PACKETSTORM:105275
Type packetstorm
Reporter Black.Spook
Modified 2011-09-22T00:00:00

Description

`# Exploit Title: aphpkb 0.95.5 Remote File Upload  
# Date: 2011 Sep 21  
# Author: Black.Spook ( H4ckcity Security Team )  
# Software Link: http://prdownloads.sourceforge.net/aphpkb/aphpkb-0.95.5.tgz?download  
# Version: 0.95.5  
# Tested on: Linux  
# Email: Bl4ck.Spook@gmail.com  
  
Steps to exploit this vulnerability:  
1- Navigate to http://Target/aphpkb_path/saa.php?aid=1  
2- Fill all fields with required data and submit  
3- After successful submission, go to http://Target/aphpkb_path/attach/ and there is your uploaded shell  
4- If the attach directory does not support Directory Listing, you should name your file in the following format:  
id-1-id-filename  
(where id stands for the inserted db record  
example: 1-1-1-shell.php )  
5- Hooray, now you have a working shell. :)  
  
Special Thanks to : Expl0its, Higher_sense  
`
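
A defender-side check for the upload path described above, as an added example that is not part of the original advisory or of aphpkb: it walks an `attach/` directory and reports stored files whose names carry a script extension, decoding the `id-1-id-filename` layout to recover the database record id. The extension list, the function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions commonly mapped to a script handler on PHP hosts (assumed list;
# adjust it to the handlers actually configured on your server).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "pht", "cgi", "pl"}

# Stored-name layout reported in the advisory: id-1-id-filename
STORED_NAME = re.compile(r"^(\d+)-1-\1-(.+)$")


def script_extensions(name):
    """Return every script extension found in name, inner ones included
    (for example 'php' in 'logo.php.jpg')."""
    parts = name.lower().split(".")[1:]
    return [p for p in parts if p in SCRIPT_EXTS]


def audit_attach_dir(path):
    """Walk an attach/ directory; return findings sorted by file name."""
    findings = []
    for root, _dirs, files in os.walk(path):
        for fname in files:
            exts = script_extensions(fname)
            if not exts:
                continue
            m = STORED_NAME.match(fname)
            findings.append({
                "file": os.path.relpath(os.path.join(root, fname), path),
                "reason": "script extension ." + exts[0],
                "record_id": int(m.group(1)) if m else None,
                "original_name": m.group(2) if m else None,
            })
    return sorted(findings, key=lambda f: f["file"])


def demo():
    """Build a constructed attach/ tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for n in ("1-1-1-shell.php", "2-1-2-manual.pdf", "3-1-3-logo.php.jpg"):
            open(os.path.join(d, n), "w").close()
        return audit_attach_dir(d)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `audit_attach_dir` at the real `attach/` directory of an installation; the `record_id` of a finding identifies the database row created by the submission that stored the file.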