PhotoPost vBGallery 2.4.2 Arbitrary File Upload Vulnerability

2008-07-15T00:00:00
ID 1337DAY-ID-3415
Type zdt
Reporter Cold Zero
Modified 2008-07-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =============================================================
PhotoPost vBGallery 2.4.2 Arbitrary File Upload Vulnerability
=============================================================



exploit usage : 

http://localhost/Forum/$gallery_path/upload.php

here the exploiter can upload php shell via this script

by renamed it's name to $name.php.wmv

but first he should be a user in the forum

thats so important to him cus the uploaded file will be

in his account nomber folder .

example :

user : Cold z3ro

his account nomber is 4 as shown in link ,

the uploaded file ( shell ) will be in

http://localhost/Forum/$gallery_path/files/4/$name.php.wmv

id the user Cold z3ro have acconut nomber as example ( 12345 )

the file path is 

http://localhost/Forum/$gallery_path/files/1/2/3/4/5/$name.php.wmv

===================

i want tho thank all members in www.hackteach.org forums , best work u are done.

thank u .




#  0day.today [2018-01-05]  #