PHPAdBoard - PHP uploads Arbitrary File Upload



EKU-ID: 15409 CVE: OSVDB-50996;CVE-2008-6921 OSVDB-ID:
Author: ahmadbady Published: 2008-12-23 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


.......................................................................

****(remote shell upload)****

script: phpAdBoard

***************************************************************************
download from:http://www.w2b.ru/download/phpAdBoard.zip

***************************************************************************
www.site.com/path/index.php
shell: www.site.com/path/photoes/number_shell.php
-----------------------------------------------------------------------------------------
dork:"powered by phpAdBoard"

if folder photoes is forbidden
after get upload file u do right-click and see image properties and u see address file.

------------------------------------------------------------------------------------------
**************************************************


Author: ahmadbady

**************************************************

# milw0rm.com [2008-12-23]