Friday, 10 February 2012

SimogeoFilemanager Upload File Vulnerability

1337day Inj3ct0r Exploit Database : vulnerability : 0day : shellcode by Inj3ct0r Team
####################################################################
#
#                            RoxTeam Italian Hackers And Security Team 2012
#
#
# Exploit Title: SimogeoFilemanager Upload File Vulnerability
# Date: 09/02/2012
# Author: hack`
# Contact Email: RoxTeamGroup@gmail.com
# Irc: irc.roxteam.ns0.it Port SSL 6697  #RoxAntiSec
# Category: webapps
# Risk: High
# Vendor or Software Link: https://github.com/simogeo/Filemanager
# Download Link: https://github.com/simogeo/Filemanager/downloads
# Tested on: Linux
# Google Dork: inurl:/filemanager/userfiles/ filetype:pdf or inurl:/filemanager/index.html
# Proof of Concept:

[-] Vulnerable code in: /filemanager/index.html
[-] Example: http://site.com/filemanager/index.html

Step 1: Search for a site that contains the vulnerable file /filemanager/index.html
Step 2: Upload Backdoor Shell.php
Step 3: Move to the folder where files are stored, /UserFiles/. Example: http://site.com/filemanager/UserFiles/Shell.php
Step 4: Now you have full access to your shell ;)

Example sites:
http://www.kanu-sachsen-anhalt.de/admin/media/simogeo-Filemanager/index.html
http://www.nusportcentral.co.uk/ckeditor/filemanager/index.html
http://www.kosisi.lv/resursi/ckeditor/filemanager/index.html

Fix: Rename the folder containing the main index and rename the index to your liking. Note that renaming only hides the endpoint; the upload path itself still needs authentication on the filemanager connector, an extension allow-list for uploads, and a web server rule that refuses to execute scripts inside the UserFiles directory.
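From the defender's side, the pattern described above (a client uploads through the filemanager and then requests a script file from UserFiles) is easy to spot in web server access logs. The following detector is an added example, not part of the original advisory or of the Filemanager project; the log lines, client addresses and the connector path `/filemanager/connectors/php/filemanager.php` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample access log (Apache combined format); not taken from the advisory.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2012:12:00:01 +0100] "GET /filemanager/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2012:12:00:09 +0100] "POST /filemanager/connectors/php/filemanager.php?mode=add HTTP/1.1" 200 310 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2012:12:00:15 +0100] "GET /filemanager/UserFiles/Shell.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2012:12:05:00 +0100] "GET /filemanager/UserFiles/report.pdf HTTP/1.1" 200 77000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Extensions a typical PHP host executes server-side if they land in the upload directory.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar"}

def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = urlsplit(rec["target"]).path  # drop the query string
    return rec

def find_webshell_access(log_text):
    """Return one finding per request that fetches a script file from a UserFiles directory.
    Each finding records whether the same client POSTed to the filemanager earlier in the log,
    which distinguishes a likely upload-then-execute sequence from a stray request."""
    findings = []
    upload_posts = defaultdict(int)  # client ip -> number of earlier POSTs under /filemanager/
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path_l = rec["path"].lower()
        if rec["method"] == "POST" and "/filemanager/" in path_l:
            upload_posts[rec["ip"]] += 1
            continue
        if "/userfiles/" in path_l and path_l.rsplit(".", 1)[-1] in SCRIPT_EXTS:
            findings.append({
                "ip": rec["ip"], "path": rec["path"], "status": int(rec["status"]),
                "prior_upload_post": upload_posts[rec["ip"]] > 0,
            })
    return findings

if __name__ == "__main__":
    for f in find_webshell_access(SAMPLE_LOG):
        print(f)
```

Feed the function a real access log instead of `SAMPLE_LOG` to review a server after the fact; a hit with `prior_upload_post` set is the sequence the advisory describes.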
