phpAdBoard (php uploads) Arbitrary File Upload Vulnerability

2008-12-23T00:00:00
ID 1337DAY-ID-4533
Type zdt
Reporter ahmadbady
Modified 2008-12-23T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================
phpAdBoard (php uploads) Arbitrary File Upload Vulnerability
============================================================


.......................................................................

****(remote shell upload)****

script: phpAdBoard
   
***************************************************************************
download from:http://www.w2b.ru/download/phpAdBoard.zip
   
***************************************************************************
www.site.com/path/index.php
shell: www.site.com/path/photoes/number_shell.php
-----------------------------------------------------------------------------------------
dork:"powered by phpAdBoard"

if folder photoes is forbidden
after get upload file u do right-click and see image properties and u see address file.
  
------------------------------------------------------------------------------------------  
**************************************************



#  0day.today [2018-02-16]  #