vBulletin PhotoPost vBGallery v2.x Remote File Upload Found by : Cold z3ro e-mail : exploiter@hackteach.org Home page : www.Hack.ps ============================== exploit usage : http://localhost/Forum/$gallery_path/upload.php here the exploiter can upload php shell via this script by renamed it's name to $name.php.wmv but first he should be a user in the forum thats so important to him cus the uploaded file will be in his account nomber folder . example : user : Cold z3ro http://www.hackteach.org/cc/member.php?u=4 his account nomber is 4 as shown in link , the uploaded file ( shell ) will be in http://localhost/Forum/$gallery_path/files/4/$name.php.wmv id the user Cold z3ro have acconut nomber as example ( 12345 ) the file path is http://localhost/Forum/$gallery_path/files/1/2/3/4/5/$name.php.wmv =================== i want tho thank all members in www.hackteach.org forums , best work u are done. thank u . # hackteach.org # milw0rm.com [2008-07-15]