The File Upload Form software from Zubrag.com suffers from a remote shell upload vulnerability.
f90b595bb7d73d8733f09a6d1dce2d682140ea3e5440b677d17491fc603df443
# Exploit Title: File Upload Form File Arbitrary Upload
# Date: 05/02/2012
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software: File Upload Form
# http://www.zubrag.com/scripts/file-upload-form.php
# Tested on: Linux
[Comment]
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, Sensei, Incid3nt, Maximiliano Soler,
Sunplace, Pablin77, _tty0, Login-Root, Knet, Kikito, Duraznit0, InyeXion,
her0, r0dr1 and LinuxFer, Scorp, Nettoxic, Apokalypsis and the other users of RemoteExecution
www.remoteexecution.info www.remoteexcution.com.ar
#RemoteExecution Hacking Group
[File Arbitrary Upload]
You can upload any type of file with any extension, and it will be
renamed to 'up'.rand(md5()).'.php'
Example: up5f923ffca9e6c8674c04cbf66db3f110.php
To see the uploads, go to:
http://path-upload/tmp/
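
An added triage example for defenders, not part of the original advisory: every upload is stored under a .php name in a web-reachable directory, so this scans an upload directory for files matching the name pattern shown above and reports which ones contain a PHP open tag. The function names, verdict strings and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Name pattern from the advisory's example: "up" + 32 hex chars + ".php"
UPLOAD_NAME = re.compile(r"^up[0-9a-f]{32}\.php$")
# Full and echo open tags; bare "<?" short tags are not matched because
# they occur by chance in binary data (assumption: tune for your config).
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def triage_upload_dir(upload_dir, max_bytes=1_000_000):
    """Return sorted (filename, verdict) pairs for renamed uploads."""
    findings = []
    for path in Path(upload_dir).iterdir():
        if not path.is_file() or not UPLOAD_NAME.match(path.name):
            continue
        with path.open("rb") as fh:
            data = fh.read(max_bytes)  # content past the cap is not inspected
        verdict = "php-open-tag" if PHP_OPEN_TAG.search(data) else "no-open-tag"
        findings.append((path.name, verdict))
    return sorted(findings)


def demo():
    """Run the triage over a constructed upload directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed samples: harmless PHP text, PNG header bytes, unrelated file
        (root / "up5f923ffca9e6c8674c04cbf66db3f110.php").write_bytes(
            b"<?php echo 'upload test'; ?>")
        (root / ("up" + "0" * 32 + ".php")).write_bytes(
            b"\x89PNG\r\n\x1a\n" + b"\x00" * 64)
        (root / "readme.txt").write_bytes(b"<?php not a renamed upload ?>")
        return triage_upload_dir(root)


if __name__ == "__main__":
    for name, verdict in demo():
        print(f"{verdict:13} {name}")
```

A "no-open-tag" verdict only means no full open tag was found in the inspected bytes; the file is still served under a .php name and should be reviewed.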