phpAdBoard (php uploads) Arbitrary File Upload Vulnerability

2008-12-23 22:42:11

.......................................................................

****(remote shell upload)****

script: phpAdBoard

***************************************************************************
download from:http://www.w2b.ru/download/phpAdBoard.zip

***************************************************************************
www.site.com/path/index.php
shell: www.site.com/path/photoes/number_shell.php
-----------------------------------------------------------------------------------------
dork:"powered by phpAdBoard"

if folder photoes is forbidden
after get upload file u do right-click and see image properties and u see address file.

------------------------------------------------------------------------------------------
**************************************************


Author: ahmadbady

**************************************************

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.