################# In The Name Of Allah ################
#######################################################
#
# [+] Exploit Title : fluidgalleries Photo Upload Remote Shell Upload Vulnerability
# [+] Google Dork 1 : inurl:"fluidgalleries/dat/info.dat"
# [+] Google Dork 2 : inurl:"/fluidgalleries/php/"
# [+] Date : 01/08/2013
# [+] Exploit Author : Iranian_Dark_Coders_Team
# [+] Home : www.idc-team.net
# [+] Discovered By : Black.Hack3r
# [+] Vendor Homepage : http://www.fluidgalleries.co
# [+] Version : All Versions
# [+] Tested on : Windows 7
#
#######################################################
#
# [+] Exploit:
#
# [+] http://localhost/[path]/fluidgalleries/php/photo-upload.php
#
#######################################################
#
# [+] Proof:
#
# [+] Run the Firefox browser
# [+] Install the Live HTTP Headers add-on in Firefox >> https://addons.mozilla.org/en-us/firefox/addon/live-http-headers/
# [+] Now run the Live HTTP Headers add-on
# [+] Then go to this page: http://localhost/[path]/fluidgalleries/php/photo-upload.php
# [+] Click the Choose File button, then select a file [shell.php.jpg]
# [+] Then click on the upload button
# [+] Now, using Live HTTP Headers, change the uploaded file's name to [shell.php]
# [+] Then go to this page: http://localhost/[path]/fluidgalleries/photos/[Random number+shell.php]
# [+] A Sample Shell :: http://pitlakarts.com/fluidgalleries/photos/1black.php
#
# [+] Video proof of exploit :: http://m-h-a-c-k-e-r.persiangig.com/fluidgalleriesExploit.html
# [+] Video proof of exploit :: http://m-h-a-c-k-e-r.persiangig.com/Black.Idc-Team/fluidgalleriesExploit/fluidgalleriesExploit.swf
#
#######################################################
#
# [+] Demo sites:
#
# [+] http://pitlakarts.com/fluidgalleries/php/photo-upload.php
# [+] http://www.scottmartinezphotography.com/fluidgalleries/php/photo-upload.php
# [+] http://www.patrickwking.com/fluidgalleries/php/photo-upload.php
# [+] http://www.danbatchelor.com/photo/fluidgalleries/php/photo-upload.php
# [+] http://ritacoury.com/fluidgalleries/php/photo-upload.php
#
#######################################################
#
# [+] Discovered By : Black.Hack3r
# [+] We Are : M.R.S.CO,Black.Hack3r,N3O,UB313
# [+] SpTnx : Mr.Cicili,Sec4ever,shahram black hat,C@M!S3Я_H3X,3is@,HOt0N,All Members In www.idc-team.net/cc
# [+] Home : http://www.idc-team.net
#
#######################################################
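The proof above works because the filename check happens only in the browser: the request is edited in transit so the server receives shell.php instead of shell.php.jpg, stores it under the web-served photos directory, and PHP executes it. The following is an added Python example (not code from the advisory or from the fluidgalleries project) showing the two things a defender would want: a server-side upload validator that ignores the client-supplied name, and a check over web-server access logs for scripts being served from the upload directory. The allowed-type table, the `validate_upload` and `find_scripts_served_from_uploads` function names, the `/fluidgalleries/photos/` upload path and the sample log lines are this example's own assumptions and constructed data.

```python
import os
import re
import secrets

# Allowed image types: lowercase extension -> accepted magic-byte prefixes.
# This policy table is an assumption of the example, not the gallery's own.
ALLOWED_TYPES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
CANONICAL_EXT = {"jpeg": "jpg"}


class UploadRejected(ValueError):
    """Raised when an upload fails server-side validation."""


def validate_upload(client_filename: str, content: bytes) -> str:
    """Validate an uploaded image and return the random name to store it under.

    The client-supplied name (the field the advisory rewrites from shell.php.jpg
    to shell.php) is consulted only for the declared extension; the stored name
    is generated here, so nothing the client sends reaches the filesystem.
    """
    # Drop any directory component, whether / or \ separated.
    base = os.path.basename(client_filename.replace("\\", "/"))
    parts = base.lower().rsplit(".", 1)
    if len(parts) != 2 or not parts[0] or not parts[1]:
        raise UploadRejected("filename must have a name and exactly one extension")
    stem, ext = parts
    if "." in stem:
        # Reject double extensions such as shell.php.jpg outright.
        raise UploadRejected("multiple extensions are not allowed")
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension .{ext} is not an allowed image type")
    # Check the declared type against the file's magic bytes, not its name.
    if not content.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("file content does not match the declared image type")
    stored_ext = CANONICAL_EXT.get(ext, ext)
    return f"{secrets.token_hex(16)}.{stored_ext}"


# Combined-log-style request line: remote host, timestamp, method, path, status.
_LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
SCRIPT_EXTS = (".php", ".phtml", ".php3", ".php4", ".php5")


def find_scripts_served_from_uploads(log_lines, upload_dir="/fluidgalleries/photos/"):
    """Return (host, path, status) for script files served from the upload directory.

    Only 2xx responses are reported: a 404 means no such file existed, while a
    200 for a .php path under the photo directory means an upload ran as code.
    """
    hits = []
    for line in log_lines:
        m = _LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        if not path.startswith(upload_dir):
            continue
        if path.lower().endswith(SCRIPT_EXTS) and m.group("status").startswith("2"):
            hits.append((m.group("host"), path, int(m.group("status"))))
    return hits


# Constructed sample access-log lines (documentation IP ranges, invented names).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Aug/2013:10:00:01 +0000] "GET /fluidgalleries/php/photo-upload.php HTTP/1.1" 200 1843',
    '203.0.113.5 - - [01/Aug/2013:10:00:09 +0000] "POST /fluidgalleries/php/photo-upload.php HTTP/1.1" 200 57',
    '203.0.113.5 - - [01/Aug/2013:10:00:15 +0000] "GET /fluidgalleries/photos/8731shell.php?p=1 HTTP/1.1" 200 412',
    '198.51.100.7 - - [01/Aug/2013:10:02:30 +0000] "GET /fluidgalleries/photos/8812photo.jpg HTTP/1.1" 200 90213',
    '198.51.100.7 - - [01/Aug/2013:10:02:31 +0000] "GET /fluidgalleries/photos/missing.php HTTP/1.1" 404 209',
]


if __name__ == "__main__":
    print("stored as:", validate_upload("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16))
    for name, data in (("shell.php", b"not an image"),
                       ("shell.php.jpg", b"\xff\xd8\xff"),
                       ("x.jpg", b"not an image")):
        try:
            validate_upload(name, data)
        except UploadRejected as err:
            print("rejected", name, "-", err)
    print("scripts served from upload dir:", find_scripts_served_from_uploads(SAMPLE_LOG))
```

The random rename is what defeats the in-transit edit: even if a name slipped past the extension check, the client never chooses the path under `photos/`. It does not address a polyglot file that carries valid image magic bytes and script content, so the upload directory should additionally be configured so the web server never executes scripts from it (or stored outside the web root and served through a handler).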