BigDump 0.35b - Arbitrary File Upload

Author: felipe andrian
type: webapps
platform: php
port: 
date_added: 2014-03-24 
date_updated: 2014-03-24 
verified: 1 
codes: CVE-2008-6660;OSVDB-53407 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.combigdump.zip

[+] Arbitrary Upload on BigDump v0.35b
[+] Date: 23/03/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.ozerov.de/bigdump/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: bigdump.php
[+] Version: v0.35b
[+] Exploit : http://host/bigdump.php?start=
[+] PoC: http://SERVER/bigdump.php?start=

Note: allows upload files and shells with tamperdate.