Inout Article Base Ultimate - Arbitrary File Upload

EDB-ID:

14278

CVE:

N/A


Author:

SONIC

Type:

webapps


Platform:

PHP

Date:

2010-07-08


==============================================================
Inout Article base Ultimate   Shell upload Vulnerabilty 
==============================================================


Name : Inout Article base Ultimate   Shell upload Vulnerabilty  
Date : july 9,2010
Critical Level     :VERY HIGH
vendor URL :http://www.inoutscripts.com
Price:$197

Author : ..::[ SONiC ]::.. aka ~the_pshyco~ <sonicdefence[at]gmail.com>

special thanks to : Sid3^effects,r0073r (inj3ct0r.com),L0rd CruSad3r,M4n0j,Bunny,Nishi,MA1201,RJ,D3aD F0x

greetz to :www.topsecure.net ,All ICW members , iNj3cT0r.com, www.andhrahackers.com

special Shoutz : my Girl Frnd [H*****] 

###################################
I'm SONiC member from Inj3ct0r Team
################################### 

Description :

  	

Inout Article Base is a powerful, feature rich, fully customizable article script from inoutscripts.com. This is a highly Search Engine Optimized script which helps you to publish unlimited number of articles. The entire system is template driven which allows you to easily modify the public pages to match your web site look. If you are serious about your online business, help yourself driving traffic from search engines into your website with Inout Article Base. 


#######################################################################################################
Xploit :Shell Upload Vulnerability

DEMO URL http://www.site.com/inout_article_base_ultimate/member/newarticle

Uploaded Path : http://www.site.com/inout_article_base_ultimate/admin/pictures/692/

unpriviledged user could be Able to upload Shell and take over the control .

###############################################################################################################

# ..::[ SONiC ]::.. aka the_pshyco