Uploadscript 1.0 - Multiple Vulnerabilities

🗓️ 01 Jul 2014 00:00:00Reported by RootType
Uploadscript v1.0 - Multiple Vulnerabilities. AdminCP login bypass, shell upload, and ban deletion

                                                # Exploit Title: Uploadscript v1.0. Multiple Vulnerabilities
# Date: 13-12-2009
# Author: Mr.aFiR
# Software Link: http://www.phpstudio.hu/?action=verify&categorize=php&subaction=php&context=php&ID=75&verify=0
# Version: N/A
# Tested on: GNU/LINUX
# CVE : N/A
# Code : N/A
#####################################################################

#####################################################################
##                                _______   ____                   ##
##          __ ___               / _____ \ /  __ \                 ##
##         /      \  _ _     ___ | |___ |/ | |  ) )                ##
##        |  Y  Y  \| V_\   / _ Y|  __ |(_)| |_/ /      [A]        ##
##        |__|__|__ \ |  ()| (_] | |  \|| ||  __ \                 ##
##                 \/_/     \___ | |    | || |  ) |                ##
##                              \|/     |_/|_/  |/                 ##
##                                                                 ##
#####################################################################
##          Uploadscript v1.0. Multiple Vulnerabilities            ##
##                [Admin-password / Shell Upload]                  ##
##              Created By Mr.aFiR (Moroccan Hacker)               ##
##            Email: [email protected] / [email protected]              ##
##                     Website: www.aFiR.me                        ##
##                      (c) -- 13/12/2oo9                          ##
#####################################################################
##                      * How to use it ?                          ##
##                      -----------------                          ##
## ~ Go to : &#62; http://site/path/password.txt                       ##
##           &#62; You will find a Hash(md5) password !                ##
##           &#62; Decrypte this password !                            ##
##           &#62; Now! Go to : /path/admin.php                        ##
##           &#62; Write the password & Login to AdminCP               ##
##           &#62; Go to : /path/admin.php?act=bans                    ##
##           &#62; Delete All Bans                                     ##
##           &#62; Now! Go to : /path/index.php                        ##
##           &#62; Upload your shell as : shell.php.jpg                ##
##           &#62; Uploaded Files Directory is : /path/storagedata/    ##
##           &#62; Your Link is:                                       ##
##                     http://server/path/storagedata/[Shell]      ##
##           &#62; -------------------------------------------------   ##
##           &#62; Enjoy With it, You Will Find a lot of infected      ##
##             websites. & Remember me ;)                          ##
#####################################################################
## ~ GreatZ To : &#62; Dr.Crypter - Dr.BoB-Hacker - Love511 & All ...  ##
## ~ Contact   : &#62; q-_[at]Hotmail[dot]com - www[dot]aFiR[dot]me    ##
##                        I Love You ****                          ##
#####################################################################
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1