PG Social Networking - Arbitrary File Upload

EDB-ID:

14280

CVE:

N/A

EDB Verified:

Author:

SONIC

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-07-08

Vulnerable App:

==============================================================
PG Social Networking  --Shell upload  Vulnerabilty 
==============================================================


Name :  PG Social Networking --Shell upload  Vulnerabilty 
Date : july 9,2010
Critical Level     :VERY HIGH
vendor URL :http://www.datingpro.com/social
Price:$739

Author : ..::[ SONiC ]::.. aka ~the_pshyco~ <sonicdefence[at]gmail.com>

special thanks to : Sid3^effects,r0073r (inj3ct0r.com),L0rd CruSad3r,M4n0j,Bunny,Nishi,MA1201,RJ,D3aD F0x

greetz to :www.topsecure.net ,All ICW members , iNj3cT0r.com, www.andhrahackers.com

special Shoutz : my Girl Frnd [H*****] 

###################################
I'm SONiC member from Inj3ct0r Team
################################### 
Description :

PG Social Networking lets you start your Social Networking Site with many of the advanced features. With our Social Networking Software members can create profiles, search for others, instant message each other, and much much more!


#######################################################################################################
eXploit :Shell Upload  vulnerabilty

DEMO URL http://demo.site.com/social/myprofile.php

Could be able to Upload shell as Image file




###############################################################################################################

# ..::[ SONiC ]::.. aka the_pshyco

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services