Vendor: In-Portal
By: Mr.tro0oqy
CVSS: 7,5 (HIGH)
Title: Shell Upload Vulnerability
CWE: 264
Product Name: In-Portal
Affected Version From: 4.3.1
Affected Version To: 4.3.1
Patch Exists: NO
Related CWE: N/A
CPE: a:in-portal:in-portal
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

In-Portal v 4.3.1 Shell Upload Vulnerability

In-Portal v 4.3.1 contains a shell upload vulnerability. An attacker can register on the site, go to their profile, upload a shell.php file, and then get a shell by accessing the file at http://www.xxx.com/path/kernel/images/shell.php

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a file operation.

Exploit-DB raw data:

=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :In-Portal v 4.3.1 Shell Upload Vulnerability

[+] D0rk : Powered by In-portal ® 1997-2009,

[+] Script site : www.in-portal.net

[+] Found by : Mr.tro0oqy  
   
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
exploit:
-------
step1: register in site 

http://www.xxx.com/path/platform/login/register.html

step2: go to your profile 

http://www.xxx.com/path/platform/my_account/my_profile.html

step3: upload shell.php

step4: get shell

http://www.xxx.com/path/kernel/images/shell.php


Demo:
-----
http://www.in-portal.net/demo
-----




Yemeni ana ;)

# milw0rm.com [2009-07-28]