Serendipity 1.5.4 - Arbitrary File Upload Vulnerability (0day)

2010-12-21
ID: 38622
CVE: None
Download vulnerable application: Download
In The Name Of GOD 
[+] Exploit Title:remote 0day file upload
[+] Date: 2010
[+] script:Serendipity 1.5.4
[+] Software Link: http://www.s9y.org/12.html
[+] Author  : pentesters.ir
[+]discovered by:ahmadbady
[+] Contact : [email protected]
[+] Website : WwW.PenTesters.IR 
[+] Greeting: Behzad, navid, ...
[+]dork:"Powered by s9y"  and  "Powered by serendipity"
----------------------------------------------------------------------------
up:
/path/htmlarea/plugins/ExtendedFileManager/manager.php

shell:
/htmlarea/plugins/ExtendedFileManager/demo_images/shell.php.gif
------------------------------------------------------------------------------
1-4-2 (www01)