Mail Form Pro 2 Shell Upload

2010-02-16T00:00:00
ID PACKETSTORM:86362
Type packetstorm
Reporter EgoPL
Modified 2010-02-16T00:00:00

Description

                                        
# Exploit Title: Multiple File Attachments Mail Form Pro v2 - WebShell upload  
# Date: 16/02/2010  
# Author: EgoPL  
# Mail: dplrip@gmail.com  
# Software Link: http://activeden.net/item/multiple-file-attachments-mail-form-prov2/31262  
# Version: Pro V2  
# Tested on: Arch Linux + Apache but it's OS independent.  
  
#Exploit:  
The web app saves uploaded mail attachments with 777 permissions, keeping the file name the client supplied (see the code below), so a webshell can be uploaded and used.  
  
Code  
if(!is_dir("./files")) mkdir("./files", 0755);  
move_uploaded_file($_FILES['Filedata']['tmp_name'], "./files/".$_FILES['Filedata']['name']);  
chmod("./files/".$_FILES['Filedata']['name'], 0777);  
  
That's the EPIC fail. You only need to upload a webshell and then open it in the files folder.  
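
A hardened version of the upload handler quoted above, as an added example; it is not code from the advisory or from the vendor. The storage path, size limit and allow-list are assumptions, and it assumes PHP 7 or later with the fileinfo extension.

```php
<?php
// Added example, not the vendor's code. Assumed values: storage path,
// size limit and extension allow-list.
const UPLOAD_DIR = '/var/lib/mailform/uploads'; // assumed, outside the web root
const MAX_BYTES  = 5 * 1024 * 1024;             // assumed limit
const ALLOWED    = [                            // assumed: extension => MIME type
    'pdf' => 'application/pdf',
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
];

function store_attachment(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    if (!is_uploaded_file($file['tmp_name']) || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('not an upload, or too large');
    }
    // The client-supplied name is used only to read the extension.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        throw new RuntimeException('file type not allowed');
    }
    // Check the content as well as the name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        throw new RuntimeException('cannot create upload directory');
    }
    // Server-generated name: no path traversal, double extension or overwrite.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // owner read/write, group read; no execute, not world-writable
    return $dest;
}

// Same form field as the original handler.
if (isset($_FILES['Filedata'])) {
    try {
        store_attachment($_FILES['Filedata']);
    } catch (RuntimeException $e) {
        http_response_code(400);
    }
}
```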