PG Social Networking - Arbitrary File Upload

EDB-ID:

14280

CVE:

N/A


Author:

SONIC

Type:

webapps


Platform:

PHP

Date:

2010-07-08


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

==============================================================
PG Social Networking  --Shell upload  Vulnerabilty 
==============================================================


Name :  PG Social Networking --Shell upload  Vulnerabilty 
Date : july 9,2010
Critical Level     :VERY HIGH
vendor URL :http://www.datingpro.com/social
Price:$739

Author : ..::[ SONiC ]::.. aka ~the_pshyco~ <sonicdefence[at]gmail.com>

special thanks to : Sid3^effects,r0073r (inj3ct0r.com),L0rd CruSad3r,M4n0j,Bunny,Nishi,MA1201,RJ,D3aD F0x

greetz to :www.topsecure.net ,All ICW members , iNj3cT0r.com, www.andhrahackers.com

special Shoutz : my Girl Frnd [H*****] 

###################################
I'm SONiC member from Inj3ct0r Team
################################### 
Description :

PG Social Networking lets you start your Social Networking Site with many of the advanced features. With our Social Networking Software members can create profiles, search for others, instant message each other, and much much more!


#######################################################################################################
eXploit :Shell Upload  vulnerabilty

DEMO URL http://demo.site.com/social/myprofile.php

Could be able to Upload shell as Image file




###############################################################################################################

# ..::[ SONiC ]::.. aka the_pshyco