aliboard Beta suffers from a remote shell upload vulnerability via the avatar functionality.
fee271e1ede536eb14b482f6f3d5619bb743a0858c8d73c4aed9e6db8ca6c6f6
# Name : aliboard Beta Upload Shell From ControlPanel
# Download From : http://www.alilg.com/software/free-opensource-bulletin-board/
# Found By : RoMaNcYxHaCkEr [RoMaNTiC-TeaM]
# Home Page : WwW.4RxH.CoM
# Google Dork : Powered by aliboard © 2006, 2007 alilg web-based software
+============================================================================+
# Exploit :
First You Must Register In Forum e.g.:
http://localhost/aliboard/register.php
Then Login By Your Member Ok ....
Then Enter Here For Your control panel e.g. :
http://localhost/aliboard/usercp.php
And Choose Change Avatar e.g. :
http://localhost/aliboard/usercp.php?openup=avatar
Choose Shell.php And Upload That !!!
Then Click Right Mouse In Image Uploaded And Choose Properties You See Direct Link For Shell e.g. :
http://localhost/aliboard/uploads/avatars/1202621776_1.php
It,s Work !!!!
Or Enter In This Path Then You See The File e.g. :
http://localhost/aliboard/uploads/avatars/
That,s It,s
Good Luck Everybody
+============================================================================+
# Greet To :
Tryag TeaM
# For Contact : RxH@HotMail.iT
# Note : Yesterday I Help You !! Tomorrow Fuck Me !!! Fuck All Snitches !!! But Do You Know What !!! That,s Is My Mistake
Best Wishes
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed