vBulletin PhotoPost vBGallery v2.x Remote File UploadFound by : Cold z3roe-mail : exploiter@hackteach.orgHome page : www.Hack.ps==============================exploit usage : http://localhost/Forum/$gallery_path/upload.phphere the exploiter can upload php shell via this scriptby renamed its name to $name.php.wmvbut first he should be a user in the forumthats so important to him cus the uploaded file will bein his account nomber folder .example :user : Cold z3rohttp://www.hackteach.org/cc/member.php?u=4his account nomber is 4 as shown in link ,the uploaded file ( shell ) will be inhttp://localhost/Forum/$gallery_path/files/4/$name.php.wmvid the user Cold z3ro have acconut nomber as example ( 12345 )the file path is http://localhost/Forum/$gallery_path/files/1/2/3/4/5/$name.php.wmv===================i want tho thank all members in www.hackteach.org forums , best work u are done.thank u .# hackteach.org# milw0rm.com [2008-07-15]
