PG Social Networking - Arbitrary File Upload

EDB-ID:

14280

CVE:

N/A

Author:

SONIC

Type:

webapps

Platform:

PHP

Published:

2010-07-08

==============================================================
PG Social Networking  --Shell upload  Vulnerabilty 
==============================================================


Name :  PG Social Networking --Shell upload  Vulnerabilty 
Date : july 9,2010
Critical Level     :VERY HIGH
vendor URL :http://www.datingpro.com/social
Price:$739

Author : ..::[ SONiC ]::.. aka ~the_pshyco~ <sonicdefence[at]gmail.com>

special thanks to : Sid3^effects,r0073r (inj3ct0r.com),L0rd CruSad3r,M4n0j,Bunny,Nishi,MA1201,RJ,D3aD F0x

greetz to :www.topsecure.net ,All ICW members , iNj3cT0r.com, www.andhrahackers.com

special Shoutz : my Girl Frnd [H*****] 

###################################
I'm SONiC member from Inj3ct0r Team
################################### 
Description :

PG Social Networking lets you start your Social Networking Site with many of the advanced features. With our Social Networking Software members can create profiles, search for others, instant message each other, and much much more!


#######################################################################################################
eXploit :Shell Upload  vulnerabilty

DEMO URL http://demo.site.com/social/myprofile.php

Could be able to Upload shell as Image file




###############################################################################################################

# ..::[ SONiC ]::.. aka the_pshyco