getaphpsite Auto Dealers Remote File Upload Vulnerability

getaphpsite Auto Dealers Remote File Upload Vulnerability

link: http://www.milw0rm.com/exploits/7189

Discovered By: ZoRLu msn: trt-turk@hotmail.com

first register to site

login to site and edit your profile

upload your_shell.php

your_shell.php path:

localhost/script/re_images/[ID]_logo_your_shell.php

example for demo:

login: http://www.getaphpsite.com/demos/cardealers/login.php

user: zorlu

passwd: zorlu1

shell:

http://www.getaphpsite.com/demos/cardealers/re_images/1227370217_logo_c.php