Mail Form Pro version 2 suffers from a shell upload vulnerability.
# Exploit Title: Multiple File Attachments Mail Form Pro v2 - WebShell upload
# Date: 16/02/2010
# Author: EgoPL
# Mail: dplrip@gmail.com
# Software Link: http://activeden.net/item/multiple-file-attachments-mail-form-prov2/31262
# Version: Pro V2
# Tested on: Arch Linux + Apache but it's OS independent.
# Exploit:
The web app stores mail attachments under their original names, in a web-served folder, with 777 permissions, so an attacker can upload a webshell and then execute it.
Code
<?php
// Vulnerable handler as shipped: the attachment keeps its client-supplied name (no type or
// extension check), lands in the web-served ./files directory, and is then made world-writable.
if (!is_dir("./files")) mkdir("./files", 0755);
move_uploaded_file($_FILES['Filedata']['tmp_name'], "./files/" . $_FILES['Filedata']['name']);
chmod("./files/" . $_FILES['Filedata']['name'], 0777);
That's the EPIC fail. You only need to upload a webshell and then browse to it in the files folder.
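For the defender, the corrected counterpart of the handler above, as an added example that is not Mail Form Pro's code: only the Filedata field name comes from the advisory; the storage directory, the MIME allow-list and the size limit are assumptions.

```php
<?php
// Added hardened handler (not Mail Form Pro's code); ATTACH_DIR and the allow-list are assumptions.
// Attachments go OUTSIDE the document root, so the web server never serves or executes them.
define('ATTACH_DIR', __DIR__ . '/../attachments');
$allowed  = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'application/pdf' => 'pdf'];
$maxBytes = 5 * 1024 * 1024;

function store_attachment(array $file, array $allowed, int $maxBytes): string
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed, error ' . $file['error']);
    }
    if ($file['size'] > $maxBytes) {
        throw new RuntimeException('attachment too large');
    }
    // Never trust the client-supplied name or type: sniff the real content.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException("disallowed content type: $mime");
    }
    if (!is_dir(ATTACH_DIR) && !mkdir(ATTACH_DIR, 0750, true)) {
        throw new RuntimeException('cannot create attachment directory');
    }
    // Server-chosen random name and server-chosen extension: no path traversal,
    // no .php/.phtml, no collision with another user's file.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = ATTACH_DIR . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not move upload');
    }
    chmod($dest, 0640);  // readable by the app only; never world-writable or executable
    return $name;        // record this name with the mail; serve it via a download script if needed
}

if (isset($_FILES['Filedata'])) {
    try {
        echo 'stored as ' . htmlspecialchars(store_attachment($_FILES['Filedata'], $allowed, $maxBytes));
    } catch (RuntimeException $e) {
        http_response_code(400);
        error_log('attachment rejected: ' . $e->getMessage());
        echo 'attachment rejected';
    }
}
```

Even with this handler, configuring the web server so that it never executes scripts from the upload location is an independent second layer that would have blunted the issue in this advisory.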