Inout Ad server Ultimate -- Shell upload Vulnerabilty

vendor:

Inout Adserver

by:

..::[ SONiC ]::.. aka ~the_pshyco~

7,5

CVSS

HIGH

Shell Upload Vulnerability

N/A

CWE

Product Name: Inout Adserver

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Inout Ad server Ultimate — Shell upload Vulnerabilty

Inout Adserver is powerful, feature rich, fully customizable PayPerClick advertiser/publisher networking script from inoutscripts.com. Advertisers can register into adserver and can post their text or banner PayPerClick(PPC) ads. Publishers can generate html code corresponding to their preferred style and can paste it in their web site to show ads relevant to their page content. Unpriviledged user could be Able to upload Shell and take over the control.

Mitigation:

N/A

Source

Exploit-DB raw data:

==============================================================
Inout Ad server Ultimate --  Shell upload Vulnerabilty 
==============================================================


Name : Inout Ad server Ultimate   Shell upload Vulnerabilty  
Date : july 9,2010
Critical Level     :VERY HIGH
vendor URL :http://www.inoutscripts.com
Price:$197

Author : ..::[ SONiC ]::.. aka ~the_pshyco~ <sonicdefence[at]gmail.com>

special thanks to : Sid3^effects,r0073r (inj3ct0r.com),L0rd CruSad3r,M4n0j,Bunny,Nishi,MA1201,RJ,D3aD F0x

greetz to :www.topsecure.net ,All ICW members , iNj3cT0r.com, www.andhrahackers.com

special Shoutz : my Girl Frnd [H*****] 

###################################
I'm SONiC member from Inj3ct0r Team
################################### 
Description :

Inout Adserver is powerful, feature rich, fully customizable PayPerClick advertiser/publisher networking script from inoutscripts.com. Advertisers can register into adserver and can post their text or banner PayPerClick(PPC) ads. Publishers can generate html code corresponding to their preferred style and can paste it in their web site to show ads relevant to their page content. Adserver administrator can define the commission to share with publishers. Administrator can create public service ads to show them up in partner webpages irrespective of the keywords used to search or the content of the page where the ad code is placed. The entire system is template driven which allows you to easily modify the advertiser, publisher pages to match your web site look. Also the support for utf-8 encoding allows you to use any local language for your ads. 


#######################################################################################################
Xploit :Shell Upload Vulnerability

DEMO URL http://www.site.com/inout_adserver_ultimate/ppc-new-image-ad.php

Uploaded Path : http://www.site.com/inout_adserver_ultimate/ppc-banners/

unpriviledged user could be Able to upload Shell and take over the control .

###############################################################################################################

# ..::[ SONiC ]::.. aka the_pshyco