Best Top List Remote File Upload Vulnerability

Best Top List Remote File Upload Vulnerability

Script : Best Top List

Version : All Version

Site : http://besttoplist.sourceforge.net (Closed)

Founder : Rizgar

Contact : rizgar@linuxmail.org and irc.gigachat.net #kurdhack

Thanks : KHC, PH , ColdHackers

d0rk : "Powered by Best Top List by Szymon Kosok v. 2.11" inurl:"banner-upload.php" "Copyright (c) 2002 - Best-Scripts.TK"

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Vulnerability details ;

Best Top List contains a vulnerability that allows remote attackers to upload arbitrary files to any directory in the system. This bug is effective in the link "banner-upload.php." Do you neccessary a phpshell script in the upload server. Your files you loaded the genarally ; www.site.com/banners/shell.php in see

POC : http://www.site.com/path/banner-upload.php

Code god ready in one simple shape.;

> cat banner-upload.php

echo "<br><br><center>" . $lang['uploadtxt'] . "<br><br> >>>>>> see :]

<form enctype='multipart/form-data' method='post' action='upload.php'>

<input type='hidden' name='action' value='upload'>

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

<table frame=box rules=none border=0 cellpadding=2

       cellspacing=0 align='center'>

   <tr>

<td>Banner:</td>

<td><input type='file' name='userfile'></td>

   </tr>

<tr>

<td>" . $lang['siteurlwohttp'] . ":</td>

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

<td><input type='input' name='sitename'></td>

   </tr>

   <tr>

<td></td>

<td><input type='submit' name ='upload'

                 value='Upload'>