Mini File Host 1.5 Shell Upload

2009-12-22T00:00:00
ID PACKETSTORM:84176
Type packetstorm
Reporter Mr.Z
Modified 2009-12-22T00:00:00

Description

                                        
                                            `=====================================================================  
  
=========  
_ _ _ _ _ _  
/ \ | | | | / \ | | | |  
/ _ \ | | | | / _ \ | |_| |  
/ ___ \ | |___ | |___ / ___ \ | _ |  
IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_|  
  
  
=====================================================================  
  
=========  
[»] ~ Note : This vulnerability allows you to upload if the "storage" file isn't protected with a htaccess file or  
  
anything else  
=====================================================================  
  
=========  
[»] Mini File Host v1.5 Remote File Upload Vulnerability  
=====================================================================  
  
=========  
  
[»] Script: [ Mini File Host ]  
[»] Language: [ PHP ]  
[»] Site page: [ Mini File Host v1.5 ]  
[»] Download: [ http://www.hotscripts.com/listing/mini-file-host/ ]  
[»] Founder: [ Mr.Z <tzar.evil@yahoo.com> ]  
[»] Greetz to: [ all muslims , ViRuSMaN ]  
  
###########################################################################  
  
===[ Exploit ]===  
  
Click on "Browse" and select your php shell  
Click Upload  
After it finishs , you will see this meassage (  
  
Your file was uploaded!  
  
Your download link  
  
http://server/script/download.php?file=328shell.php  
  
)  
  
Copy the new Name of the shell "328shell.php"  
  
Now Go to this Url  
  
http://server/script/storage/328shell.php  
  
if "Storage" wasn't protected your shell will open  
  
  
Author: Mr.Z <-  
  
###########################################################################  
  
`