======================================
NetLink Remote Arbitrary File Upload Vulnerability
Download: http://sourceforge.net/projects/kp-netlink/
by lumut--
Homepage: lumutcherenza.biz
======================================
[upload.php]
";
echo "";
echo "Filename: ".$file_name;
echo "
File Type: ".$file_type;
echo "
File Size: ".$file_size;
#now that the stats have been declared & displayed, now we process and
upload the file
$file_dest = "Users/$user/";
$file_dest = $file_dest . $_FILES['filename']['name'];
echo "
Copying $file_name....";
echo "
Moving copied file to $user's account...";
echo "
";
if (move_uploaded_file($_FILES['filename']['tmp_name'], $file_dest))
print "File '$file_name' was successfully uploaded to account
$user.
";
else
{
print "Possible file upload attack! Here's some debugging info:\n";
print_r($_FILES);
}
touch("Users/$user/$file_name");
include("options.php");
echo "
";
}
?>
expl: http://[target]/[netlink_path]/upload.php
shell: http://[target]/[netlink_path]/Users/yourshell.php
======================================================================
thx to : cr4wl3r, Team_elitE, kisame, aNtI_hAcK, kazuya, PunkRock and
manadocoding team :D
======================================================================