AlstraSoft SendIt Pro Remote File Upload Vulnerability

AlstraSoft SendIt Pro Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7101

Discovered By: ZoRLu

dork: "Powered by AlstraSoft SendIt Pro"

Exploit:

you save your shell like this: shell.php.pjpeg

warning: filetype not php.jpeg

like this: filetype: php.pjpeg

after you go site

Recipients' e-mail address: write anything

Select file : select your_shell.php.pjpeg

Your e-mail address: email

Message to send to recipient : write anything

and click to send button after you see link and clik to that link

you go your_shell.php.pjpeg :

localhost/script/send/files/[id]shell.php.pjpeg

example for demo:

http://www.blizsoft.com/send/files/84019shell.php.pjpeg