PHPAdBoard - PHP uploads Arbitrary File Upload

Author: ahmadbady
type: webapps
platform: php
port: 
date_added: 2008-12-22 
date_updated: 2017-01-23 
verified: 1 
codes: OSVDB-50996;CVE-2008-6921 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comphpAdBoard.zip

.......................................................................

****(remote shell upload)****

script: phpAdBoard

***************************************************************************
download from:http://www.w2b.ru/download/phpAdBoard.zip

***************************************************************************
www.site.com/path/index.php
shell: www.site.com/path/photoes/number_shell.php
-----------------------------------------------------------------------------------------
dork:"powered by phpAdBoard"

if folder photoes is forbidden
after get upload file u do right-click and see image properties and u see address file.

------------------------------------------------------------------------------------------
**************************************************


Author: ahmadbady

**************************************************

# milw0rm.com [2008-12-23]