They had no validation on file type and you could upload & access a script that executed commands server-side?
It's really not pretty what can happen when you have a juicy target, plenty of time, and a perfect idea of how you can use it to your advantage.
Fortunately they weren't at all malicious... just looking for ways to grow their little empire to play their war games and hopefully make some cash.
It's really not pretty what can happen when you have a juicy target, plenty of time, and a perfect idea of how you can use it to your advantage.
Fortunately they weren't at all malicious... just looking for ways to grow their little empire to play their war games and hopefully make some cash.