CVE-2008-4509

This is a writeup describing an arbitrary file upload vulnerability in FOSS Gallery Public Version <= 1.0. The vulnerability allows attackers to upload PHP files due to lack of proper file format validation in processFiles.php.

This exploit leverages an arbitrary file upload vulnerability in FOSS Gallery Admin Version <= 1.0 by bypassing authentication checks in the upload process. It directly POSTs to processFiles.php, allowing an attacker to upload any file, including a malicious shell.

This exploit targets FOSS Gallery Public <= 1.0, allowing arbitrary file upload via a vulnerable endpoint (`processFiles.php`). It uploads a PHP shell (default: `c99.php`) and executes commands to retrieve system information.