Dokeos 1.8.4 - Arbitrary File Upload

EDB-ID:

4753




Platform:

PHP

Date:

2007-12-18


# Name : dokeos-1.8.4  Bypass Upload Shell From Your Profile (Your Cpanel)
# Download From : http://www.dokeos.com/download/dokeos-1.8.4.zip
# Found By : RoMaNcYxHaCkEr
# Home Page : Not Yet :(
# Google Dork : Platform Dokeos 1.8.4 © 2007
============================================================================
# Explantion By Video:
http://www.mediafire.com/?92em2pjx0s1
# Explantion Exploit :
First You Must Register In Script Ok :
http://localhost/dokeos/main/auth/inscription.php
And Enter By Username And Your Password The Enter Here Your Profile You Can See That Above :
http://localhost/dokeos/main/auth/profile.php
Then You See Choice My productions And See Browser Rename Your Shell To Shell.php.rar Then Choose Ok In Final
Then Enter Here And See Your Profiles And If You Online Or Not
http://localhost/dokeos/whoisonline.php
And Search Your Username And Enter Your Profile
Then You See All Information Which You Added !! Like That:
Productions
sniper.php.rar
See That Enter Your Name Shell And See Link Your Shell Like Me Here
http://localhost/dokeos/main/upload/users/4/sniper.php.rar
That,s All :)
Good Luck Everybody
============================================================================
# Greet To :
Cold Z3ro My Master (Hackteach.org)
Hack15 TeaM (V99x.com)
Sniper-Sa (Sniper-sa.com)
Tryag TeaM (Tryag.com)
Yee7 TeaM (Yee7.com)
H-T TeaM (no-hack.fr)
Str0ck
My5ql Team
Also: Saudi Kafo , Adel Alroh , Mr-Google , Kill eye And All My Friends
# For Contact : RxH@HotMail.iT
Best Wishes

# milw0rm.com [2007-12-18]