####################################################
# Exploit Title: File Thingie Malicious File Upload
# Date: 29-09-2010
# Author: Chris Horeweg - SiteSafe
# Author URL: sitesafe.nl
# Author Mail: c.horeweg@sitesafe.nl
# Software Name: File Thingie
# Software Link: http://www.solitude.dk/filethingie/
# Version: 2.5.6 and below
# Category: Webapps
# Google dork: [File Thingie (2.5.6)]
# Tested on: Linux (ONE.COM)
# Demo site: No Demo Online, Download From Link Above
##
#####################################################
##
## Exploit
# After logging in, upload your file (shell?) with an
# extension that has been whitelisted. In this case,
# I found out that the extension TXT was whitelisted.
# I renamed the file, added an HTML NULL-token, and
# discovered that the file was executed by the server...
#
## cdk93.php.�.txt
#
# Is this a File Thingie mistake, a One.com server
# error or is this exploitable to any server?
#
## Greetings from the Netherlands!
## EoF
#######################################################
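As an added defensive example (not part of the advisory and not File Thingie's own code), the Python validator below shows why a filename like the one in the advisory passes a tail-of-string extension check, and what an upload handler should check instead: control characters (the NUL truncation trick), every dotted segment rather than only the last, and the stem. The allowlist and the executable-extension set are constructed assumptions for the example.

```python
import os
import re

# Extension allowlist for the upload handler (constructed for this example).
ALLOWED_EXT = {"txt", "jpg", "png", "pdf"}

# Extensions a web server may hand to an interpreter even when they are not the
# last dotted segment (Apache's AddHandler matches any segment, so "x.php.txt"
# can run as PHP on some hosts). Constructed and deliberately non-exhaustive.
EXECUTABLE_EXT = {"php", "php3", "php4", "php5", "phtml", "phar",
                  "cgi", "pl", "py", "jsp", "asp", "aspx", "sh"}

def naive_extension_check(raw_name: str) -> bool:
    """The kind of check the advisory gets past: it only looks at the string's tail."""
    return raw_name.lower().endswith(".txt")

def validate_upload_name(raw_name: str, allowed=ALLOWED_EXT) -> str:
    """Return a normalised, safe filename or raise ValueError."""
    # 1. Reject NUL and other control characters. A NUL lets a string check see
    #    ".txt" while the C-level call that writes the file stops at the NUL and
    #    stores "cdk93.php".
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw_name):
        raise ValueError("control character in filename")
    # 2. Drop any directory component the client supplied (either separator).
    name = os.path.basename(raw_name.replace("\\", "/"))
    # 3. Check every dotted segment, not only the last one.
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        raise ValueError("filename needs a stem and an extension")
    stem, exts = parts[0], [p.lower() for p in parts[1:]]
    if any(not re.fullmatch(r"[a-z0-9]{1,8}", e) for e in exts):
        raise ValueError("empty or non-alphanumeric extension segment")
    if exts[-1] not in allowed:
        raise ValueError(f"extension .{exts[-1]} is not allowed")
    if any(e in EXECUTABLE_EXT for e in exts):
        raise ValueError("executable extension embedded in filename")
    # 4. Conservative stem: letters, digits, underscore and hyphen only.
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", stem):
        raise ValueError("stem contains disallowed characters")
    return ".".join([stem] + exts)

def is_safe_upload_name(raw_name: str) -> bool:
    """Boolean wrapper around validate_upload_name() for quick checks."""
    try:
        validate_upload_name(raw_name)
        return True
    except ValueError:
        return False
```

Storing uploads under a server-generated name in a directory where script execution is disabled closes the same hole independently of the name check, which answers the advisory's closing question: the bypass depends on how the server maps names to handlers, not on File Thingie alone.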